Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1583481
MD5:0c5dc3d854163db3f05e69da8c482963
SHA1:848e0dbd6b93c57b4178c5427f937c2826f888a1
SHA256:d9208fb65a6bd0364e830e1ff3689b07724d34dca35f5e9cd0c457278675eb59
Tags:exeuser-jstrosch
Infos:

Detection

XRed
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XRed
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
Uses dynamic DNS services
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected non-DNS traffic on DNS port
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file does not import any functions
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 1708 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0C5DC3D854163DB3F05E69DA8C482963)
    • ._cache_file.exe (PID: 6052 cmdline: "C:\Users\user\Desktop\._cache_file.exe" MD5: B88228D5FEF4B6DC019D69D4471F23EC)
      • Setup.exe (PID: 6388 cmdline: c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe MD5: 006F8A615020A4A17F5E63801485DF46)
    • Synaptics.exe (PID: 5796 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 7407C51DD7AC30C4D79658D991A8B5D6)
      • WerFault.exe (PID: 9112 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 13876 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 6008 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 5952 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • cleanup

Malware Configuration

Threatname: XRed

{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
file.exeJoeSecurity_XRedYara detected XRedJoe Security
    file.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\ProgramData\Synaptics\RCX7988.tmpJoeSecurity_XRedYara detected XRedJoe Security
        C:\ProgramData\Synaptics\RCX7988.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
          C:\Users\user\Documents\~$cache1JoeSecurity_XRedYara detected XRedJoe Security
            C:\Users\user\Documents\~$cache1JoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
              C:\ProgramData\Synaptics\Synaptics.exeJoeSecurity_XRedYara detected XRedJoe Security
                Click to see the 1 entries

                Memory Dumps

                SourceRuleDescriptionAuthorStrings
                00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_XRedYara detected XRedJoe Security
                  00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                    Process Memory Space: file.exe PID: 1708JoeSecurity_XRedYara detected XRedJoe Security

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      0.0.file.exe.400000.0.unpackJoeSecurity_XRedYara detected XRedJoe Security
                        0.0.file.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

                          Sigma Signatures

                          System Summary

                          barindex
                          Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 1708, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                          Sigma detected: Office Macro File Creation
                          Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 5796, TargetFilename: C:\Users\user\AppData\Local\Temp\nnx85ahz.xlsm

                          Suricata Signatures

                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2025-01-02T20:31:45.930913+010020448871A Network Trojan was detected192.168.2.549709142.250.185.174443TCP
                          2025-01-02T20:31:45.941615+010020448871A Network Trojan was detected192.168.2.549710142.250.185.174443TCP
                          2025-01-02T20:31:46.970844+010020448871A Network Trojan was detected192.168.2.549715142.250.185.174443TCP
                          2025-01-02T20:31:47.067354+010020448871A Network Trojan was detected192.168.2.549714142.250.185.174443TCP
                          2025-01-02T20:31:48.000755+010020448871A Network Trojan was detected192.168.2.549719142.250.185.174443TCP
                          2025-01-02T20:31:48.372196+010020448871A Network Trojan was detected192.168.2.549720142.250.185.174443TCP
                          2025-01-02T20:31:49.047902+010020448871A Network Trojan was detected192.168.2.549725142.250.185.174443TCP
                          2025-01-02T20:31:49.544592+010020448871A Network Trojan was detected192.168.2.549726142.250.185.174443TCP
                          2025-01-02T20:31:50.797021+010020448871A Network Trojan was detected192.168.2.549739142.250.185.174443TCP
                          2025-01-02T20:31:50.811904+010020448871A Network Trojan was detected192.168.2.549740142.250.185.174443TCP
                          2025-01-02T20:31:51.820370+010020448871A Network Trojan was detected192.168.2.549744142.250.185.174443TCP
                          2025-01-02T20:31:51.832213+010020448871A Network Trojan was detected192.168.2.549746142.250.185.174443TCP
                          2025-01-02T20:31:52.925238+010020448871A Network Trojan was detected192.168.2.549749142.250.185.174443TCP
                          2025-01-02T20:31:53.097090+010020448871A Network Trojan was detected192.168.2.549748142.250.185.174443TCP
                          2025-01-02T20:31:53.767271+010020448871A Network Trojan was detected192.168.2.549755142.250.185.174443TCP
                          2025-01-02T20:31:54.152575+010020448871A Network Trojan was detected192.168.2.549757142.250.185.174443TCP
                          2025-01-02T20:31:54.790036+010020448871A Network Trojan was detected192.168.2.549763142.250.185.174443TCP
                          2025-01-02T20:31:55.246917+010020448871A Network Trojan was detected192.168.2.549770142.250.185.174443TCP
                          2025-01-02T20:31:55.853847+010020448871A Network Trojan was detected192.168.2.549777142.250.185.174443TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2025-01-02T20:31:46.312424+010028326171Malware Command and Control Activity Detected192.168.2.54971369.42.215.25280TCP

                          Joe Sandbox Signatures

                          Click to jump to signature section

                          Show All Signature Results

                          AV Detection

                          barindex
                          Antivirus / Scanner detection for submitted sample
                          Source: file.exeAvira: detected
                          Source: file.exeAvira: detected
                          Antivirus detection for URL or domain
                          Source: http://xred.site50.net/syn/Synaptics.rarZAvira URL Cloud: Label: malware
                          Source: http://xred.site50.net/syn/SUpdate.iniZAvira URL Cloud: Label: malware
                          Source: http://xred.site50.net/syn/SSLLibrary.dll6Avira URL Cloud: Label: malware
                          Antivirus detection for dropped file
                          Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: C:\ProgramData\Synaptics\RCX7988.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\ProgramData\Synaptics\RCX7988.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Found malware configuration
                          Source: file.exeMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                          Multi AV Scanner detection for dropped file
                          Source: C:\ProgramData\Synaptics\RCX7988.tmpReversingLabs: Detection: 93%
                          Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 89%
                          Source: C:\Users\user\Documents\~$cache1ReversingLabs: Detection: 93%
                          Multi AV Scanner detection for submitted file
                          Source: file.exeReversingLabs: Detection: 89%
                          Machine Learning detection for dropped file
                          Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                          Source: C:\ProgramData\Synaptics\RCX7988.tmpJoe Sandbox ML: detected
                          Machine Learning detection for sample
                          Source: file.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,2_2_01004F6B
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010045EB GetFileAttributesA,LoadLibraryA,GetProcAddress,DecryptFileA,GetLastError,2_2_010045EB
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC617D1 __EH_prolog3,GetLastError,CertCloseStore,CryptMsgClose,GetLastError,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,5_2_6CC617D1
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC480D5 CryptMsgGetParam,SetLastError,5_2_6CC480D5
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC48083 CryptQueryObject,5_2_6CC48083
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC48094 CryptMsgGetAndVerifySigner,5_2_6CC48094
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC480A5 CryptHashPublicKeyInfo,SetLastError,5_2_6CC480A5
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC48114 CryptDecodeObject,SetLastError,5_2_6CC48114
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIESThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting <http://www.microsoft.com/exporting>.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.Entire Agreement. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.Applicable Law.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1033\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1041\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1042\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1028\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\2052\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1040\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1036\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1031\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\3082\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1049\eula.rtfJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49709 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49710 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49716 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49717 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49719 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49720 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49725 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49726 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49739 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49738 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49740 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49744 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49746 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49749 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49748 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49751 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49769 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49776 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49777 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49779 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49780 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49792 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49796 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49812 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49815 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49813 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49816 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49827 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49828 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49842 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49839 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49850 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49857 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49881 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49883 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49882 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49892 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49895 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49904 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49906 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54876 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54877 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54896 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54897 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54899 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54898 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54909 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54910 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54923 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54922 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54940 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54941 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54943 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54942 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54962 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54964 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54983 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54984 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54994 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54997 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55027 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55025 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55026 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55024 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55034 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55036 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55038 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55040 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55048 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55051 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55068 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55067 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55069 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55070 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55078 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55079 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55090 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55093 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55107 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55109 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55117 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55119 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55149 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55150 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55151 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55152 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55169 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55171 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55189 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55190 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55197 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55201 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55206 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55205 version: TLS 1.2
                          Source: Binary string: sfxcab.pdb source: file.exe, ._cache_file.exe.0.dr, Synaptics.exe.0.dr
                          Source: Binary string: sqmapi.pdb source: Setup.exe, Setup.exe, 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, sqmapi.dll.2.dr
                          Source: Binary string: SetupEngine.pdb source: Setup.exe, Setup.exe, 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, SetupEngine.dll.2.dr
                          Source: Binary string: patchhooks.pdbX source: vc_red.msi.2.dr
                          Source: Binary string: patchhooks.pdb source: vc_red.msi.2.dr
                          Source: Binary string: Setup.pdb source: Setup.exe, Setup.exe, 00000005.00000002.3307402281.0000000000681000.00000020.00000001.01000000.00000008.sdmp, Setup.exe, 00000005.00000000.2079340723.0000000000681000.00000020.00000001.01000000.00000008.sdmp, Setup.exe.2.dr
                          Source: Binary string: SetupUi.pdb source: Setup.exe, Setup.exe, 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, SetupUi.dll.2.dr
                          Source: Binary string: SetupResources.pdb source: SetupResources.dll4.2.dr, SetupResources.dll3.2.dr, SetupResources.dll1.2.dr, SetupResources.dll6.2.dr, SetupResources.dll7.2.dr, SetupResources.dll.2.dr, SetupResources.dll5.2.dr, SetupResources.dll2.2.dr, SetupResources.dll0.2.dr, SetupResources.dll8.2.dr
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                          Source: file.exeBinary or memory string: [autorun]
                          Source: file.exeBinary or memory string: [autorun]
                          Source: file.exeBinary or memory string: autorun.inf
                          Source: Synaptics.exe.0.drBinary or memory string: [autorun]
                          Source: Synaptics.exe.0.drBinary or memory string: [autorun]
                          Source: Synaptics.exe.0.drBinary or memory string: autorun.inf
                          Source: RCX7988.tmp.0.drBinary or memory string: [autorun]
                          Source: RCX7988.tmp.0.drBinary or memory string: [autorun]
                          Source: RCX7988.tmp.0.drBinary or memory string: autorun.inf
                          Source: ~$cache1.3.drBinary or memory string: [autorun]
                          Source: ~$cache1.3.drBinary or memory string: [autorun]
                          Source: ~$cache1.3.drBinary or memory string: autorun.inf
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,2_2_010046B9
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC35B82 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,5_2_6CC35B82
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC3410A FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,5_2_6CC3410A
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E334281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,5_2_6E334281
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E348097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,5_2_6E348097
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\userJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppDataJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                          Source: excel.exeMemory has grown: Private usage: 2MB later: 69MB

                          Networking

                          barindex
                          Suricata IDS alerts for network traffic
                          Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.5:49713 -> 69.42.215.252:80
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49710 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49709 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49714 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49715 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49719 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49720 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49725 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49740 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49746 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49749 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49739 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49748 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49755 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49726 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49757 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49763 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49770 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49777 -> 142.250.185.174:443
                          Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49744 -> 142.250.185.174:443
                          C2 URLs / IPs found in malware configuration
                          Source: Malware configuration extractorURLs: xred.mooo.com
                          Uses dynamic DNS services
                          Source: unknownDNS query: name: freedns.afraid.org
                          Source: global trafficTCP traffic: 192.168.2.5:54868 -> 162.159.36.2:53
                          Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                          Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC74B54 URLDownloadToFileW,5_2_6CC74B54
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9XTLzz17R7L1ka_HjEBo1ojDDGPsOmOVJNvdm1jmTxc1RyESzyz1OLbU0VUvOIT6PGx-aSp3RD68iBhsJUUrXubWlnBitf8l9nHrGgXm_LHX3vKTkLSF4jaGF5PtFeLXTZ3OClND61zD0fvOAFVtelrtU30T7AG3oK796UJzdGIUWQH3mvrBrcv
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=V9XTLzz17R7L1ka_HjEBo1ojDDGPsOmOVJNvdm1jmTxc1RyESzyz1OLbU0VUvOIT6PGx-aSp3RD68iBhsJUUrXubWlnBitf8l9nHrGgXm_LHX3vKTkLSF4jaGF5PtFeLXTZ3OClND61zD0fvOAFVtelrtU30T7AG3oK796UJzdGIUWQH3mvrBrcv
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=V9XTLzz17R7L1ka_HjEBo1ojDDGPsOmOVJNvdm1jmTxc1RyESzyz1OLbU0VUvOIT6PGx-aSp3RD68iBhsJUUrXubWlnBitf8l9nHrGgXm_LHX3vKTkLSF4jaGF5PtFeLXTZ3OClND61zD0fvOAFVtelrtU30T7AG3oK796UJzdGIUWQH3mvrBrcv
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                          Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                          Source: global trafficDNS traffic detected: DNS query: docs.google.com
                          Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                          Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                          Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                          Source: global trafficDNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4jC80EYocU88c7XVDz1RozQ3iyBT35y0-MBS4qrbxGdEOBYlsZrvMMXC1aVckQgdl2Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:46 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-G3YJJxVT9SY6VB7LOxCu6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=V9XTLzz17R7L1ka_HjEBo1ojDDGPsOmOVJNvdm1jmTxc1RyESzyz1OLbU0VUvOIT6PGx-aSp3RD68iBhsJUUrXubWlnBitf8l9nHrGgXm_LHX3vKTkLSF4jaGF5PtFeLXTZ3OClND61zD0fvOAFVtelrtU30T7AG3oK796UJzdGIUWQH3mvrBrcv; expires=Fri, 04-Jul-2025 19:31:46 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5YiLuvryoXxKhfBqqe0xbCDrMXUgM3saw2bx98XTPqTzi04-nMPYLchmCdSI89huPCContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:47 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-7p4cLkypOz6yskahQNBHwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs; expires=Fri, 04-Jul-2025 19:31:47 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4JdAF1hkWU2l0cJT8tD_SZQ-Bdr1B9ZUuYqTvmvcmJMXSC7Qf9RdY3pEtv7b4M3YiP-2K5Pg8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:48 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-zhBdXgtmDjcWv86rNYtdCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0; expires=Fri, 04-Jul-2025 19:31:48 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7r-uDKEdeFYNLh1inq4q2EZkJnpzmsN-dqaXeOzarfE60Dei37rEkAltKRcWBI3b5ZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:48 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-aODRhxeb2rsRXkiUKSgSAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6uWJYp2ZF69EeRyDzhNMCcJgzBw0y6fjfIJO8FnAYHOVIwA0TYU3Y5UHioCwBstGWAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:49 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Hk9SBORwENH-j5Hzyn_O9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7V8skXCAkGZBscbD_d8VCCQCxpEb_7iJ-YFwyr-O2gU5VBW6WVBIY3Ipmogw1_OhNNContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:50 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-4vEbzj0c9NWRINqAU-0pkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5jxo58V8megawoCbWSG5IhmqFo51cLsnqZhnTMRydVZ-yIHs8BrFQCwG8fMVLUJyQqV8WZeo8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:51 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-putScOuga7P21EX4Ibfh8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6GQMJNECznHsxMGp133q7Gj50Qy3CJPmIKIDiCQEYv1WdDv3QEqXm9VDlzxVWI-N0GContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:51 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Y1lIA5HQVjFcunG6RVVZLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7yeT-zNTdj-dR1jiaPsWZRRY4ROATkhxOrITiHKdIM8BT5iV5_XEpP1t6rDcGV2gKSContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:52 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-rAbo7rscW7ZdX8GB8VvPxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7cOQ0neXewoNPuARslPCDDJesXUB6lJez2RXN7oO_7xtptvs5FCobGCN3QrFemhW_MContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:53 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-8nw-5hiUgJP8YNxsj5ItJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC66_FexK7EfOy0W_SgkF9hLRenNRivVSbtQbaRybPQLN6mhJ5G49iVKdyxN8YrJdBP3Tk3hjX4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:55 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-1YjGbb_Ir7p4HAooOBtz5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7JMkQ2DSqHaj-sQEhYGNT1CjmSscInyTgy8ApLmq9CMZYPiSoxgFdPlEOD_atM9Ks6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:55 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-VL3R8B3dKJXovRmn8BjHHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7TsXV3tpCi-sgtWSVsCXyTvoztp8viHyJvtR_6pfW2uacZkzxFT5MmFkzfZuRy3m4fbWKIUSEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:56 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-LfR_i4XnPbwkdpJpBacxXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Rw_7bpwdGGvoyMdeKuBWhfDDCyV_z6Ln_VcTwHszhiqSsEafVA2PTTqBhZotW0gs8zzBWxCAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:56 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_r7OzNT_9YPq9bNKhhEGRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6Ts0D78Ex0xUJCp3q1BOLkY1j5h_MQiN8bex05q4OIYwAYENxUHO0qUkbHb5WUrvj_Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:57 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-_vBE4mLNnLik_6nX3BlflQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC50finYrAnR8etU2nRcDzmQzd2rSN8GKG50cO_v2gGha4vtS3DhFLJ6-a4ecRptb7q_dbdttWQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:31:59 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ffuVu8BLGV5eUS-AlRYZWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6qSpwQ_N50en-QeKuDjmCVamWUG4YK7KJ1uSeJ3UmxFIxtL9UyrnQZrBZaS_1b-hdcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:00 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-0Tyznfb6MoU9OLwDEPo3pQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7O9VzABE8fffwPvDhSnozuu5okRuIf1jU5JLUzrvO7nAx_eWzQEf41mrc9tdgKtwa4tX1AxpoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:03 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-MuZOrTYAOieEZfkwhHO2RQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5BSCzRcVd1ABxaByWajGEZVYkdbbF3IDo-zjKDHmIQsVplTx12phJ2qYh29AIyLPcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:03 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-gfAfJ1dDoc5lN7aE_iWXIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5odHYAS9O9CXWWQTUoRCgqVOEPPD_hBejZZYmRJIq-5zaQFn6zigMuxKw4ohm9g-HfContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:04 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-3AvN4kizdQesmFgK5zJp3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC74WGs542qSHtyjvKt1EdVWXPWBk0YZp5CyT1fhTfd21HwxOpfiuzPGtrphzruf3FLSContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:04 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-YdV9Wacqws8Rbs7OdeF8iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5clwSx16-ojHEoeZ2cnkqLnMEc8NbfpxR9rFO6hKHFWoE88BA8AFI6Om6mszon3AaEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:05 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-0zDGy59hmw5TOS9EX8zcRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC42xxYH_0-Aa87F0WB2IsRCGINzpCTuXaJyBs4-dbKkVEz4Iv8PgFyN2ydZMlRB3rb1VXE6J-IContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:06 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-NfpncCJ3-A2UoIaMoG0_pQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4_UI8YlCQy0GHm-08G_an8EyAriVVciRBCwwK20KmS1TYtl3z0cjmC0bx9H-GqMgAnContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:07 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-jFMKBizQ3cQr_4Bmhsu23Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC73MbiBmEaSCZJWTcVnq886XoVitilneFgPGCk-stO3EExWLrS_npJZ7WLbiS5HkC5ST_l9i5wContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:07 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-VxqTBDMkzk-l2HYd2FS7fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC58bOdH0eE-rAyO3mkLNCkOKEgOaRaJB6vx22wgYht6Funmh1UbbEBxwOtmHzCdBfLuk75_208Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:08 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-KkNdZYerXBSeNMvIpnnYPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5eFBEKZqsaXVPuXQfs031QDEG_3toHipBiWk1jxyE1tdbaH9jXMwYnUza-u1y-ZhdIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:09 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ru0ebaPNHr0dOkZzxJNPaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ZpnsPSFfb7WeoF39fNcl6viaDlJe0EQPloso31K9n3t1yfR_8KYX40OtmHXGge-PFContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:11 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-3ThIJwKxXg6MZCl7OJ98Yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5p5X35RInSmlNHDv8nrK60-VaNR5uAoJld6cQtlHrgiqcdGprZfJzP7Ks_Up8sLycAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:11 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-n84Ed1s-slsyWcXOj_3tWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5rsfMqpe2hpQRgEHRi7_Go0VlxW9BPQTeYlD2OpptmsD8Mg5vf5N_fcwe0k0Wu9oeoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:12 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-FVOCbvQHXmHoVScclUL69w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7oJgN8BJJBlt4YpZRapCFGQ7v23cBf4Y51Zo5SWwLNAmyXVvz6Qz5ZL0SYaJSg5y5rContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:13 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-p7zyKA1blRTOAopvSSFvIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6krn3fcccAZyvu0ku93iUGKC31OdMNEJ7oxkim-kQ1cd97E0r0yVyalI4I2JpxtqRAv1LxslkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:15 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-zYGH0ywjRo-afNUSZqPNxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Z5KEGTeJ7u6uI50Ju-nHnMnD24YqHB8cZTMYYFVEGhFd9AXhKeRXdHGKvkAOGcF9W3UVEKWwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:15 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-nr68BCZVT-ioOGoA13V0gg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6QVcj4vwTJxED8DQkQNvi7k86c7JTjmlukcQSDs3bAp-DdbmwVKGSNgH8DiYrgNL_KContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:16 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-1MiJSKnipUtvx-ZbC8aySQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5_ep2ajqsR6SKjrjR0_ARRvDMgSebuhEtgMgT36puzO-hE9kWvBGwxtPGilT3VLtxkpLzgecEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:17 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-TQRsyfoFvLc17_edTxRcMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7gxjS5Y827OPBB5R18UmOiXVAPgo7ryNDvdYS6yCQxf8f5CkudpjNVGGd5AIFMgPwzContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:19 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-r-c1Eh_UHCwLtTymdezJ1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6vuCSeQQMmbcrwZO8qdctk9PF0ry2PnEX0PgDJGOMDrswFjMz9eqBBAgQv3hdZPzx_Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:19 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-5tQReMaflSaNFI46pIKF1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5t3t9vGsMNSjk31kfSqoAPI5ubrfY8EuRQJALcNYAq3bH9wWlZMvUjhEYEXGuYZ4CXContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:20 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-DhC2m1_eqY_QFN0P7jwamw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6HuGEdtYCK9m9mmupGhoKfED1Q-QsH2wk6Rw0HllyghBEdU-tCi-kpOpHZxHb-gnPuContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:21 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce--dzFa31-QLliNfaXAKwnug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4OsAl4Q1BVqY4dtWdOssaRYmgtWl_29Z4irQYgus5TwyttUtHOSG1FLpSoQTW64G9ltDULgyYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:23 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-felKp3KRz4JpfIurQBkbqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7JfdyxbR4J3MwaG2BkHaOSw8DUep14h5bGnEa8AN_Xh3SJI2hEHT0OvmpHsUypNZB_Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:24 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-7zLQ5jSYIYvOWDwwRQkkYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7Jj2JnNpfvC8awdAYOW5O8Ltk0QGETUlROvg_7CHEvjR12yEYJF7IKhvAfmQj-eoGUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:24 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-mrv_7yks-ZLxc2cd0id0vQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7egf8DCDMPHVbmulziHdbpeDimduHvEuJpEhwpGUezH6flhYqesDzxkWxFBZmOZmATqy4jaWsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:25 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-IhzwxZv5osVGVLeaIAwL7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6NX45v6C7p7jEprw7POBhSg9JtupbGtykVOAW-E2sCZ1GBI8VWsXbdAv8PB5lZ_RrwvBWMZGcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:27 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-687n_2YPB1WRC7QThWv38A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6pPEkzCNyRjuwBJ6ZxC1ptIstfGt4xzPTgt2tqFFB7PCp5aydi2zv5PpyXkdNYezWNContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:27 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-L5VFBJc4Dp8NSUUPxReDIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6elQ3xQwZvi19pmxqgeSqeFCot6ftfOtyrmL1bEfb-snklM_e_ZCcEDBTgwamlRLioContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:28 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-i3ALMUqt8Pdybk7AvwsBng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC77YHfupVpgmWtbyVAQUnqYNnsrJAFeaYgUN3077w8VNBdTGkmMB75dS9qQjjJtWLPyContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:29 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ga11EpShjUvcYDmgLr3Mcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5b7ph9J90fbwasitHaz9WKPfa5tNKX7gDdF4jsR7BbQD5S6zku7pUyT55yw6LimId51u2U6j4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:30 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-__JDGlajdVvcAl5stH6V2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5ez8FRLQbqZxaHm2wJvPN4PT37XFGL5HoYmFMRX2PF-tuDsOQo8e8gIctCvb6ecaw2Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:31 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-l7OYChzCdLFcGsvAJuE3yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6RAqCw7OgM1cULKpmh-xT9o1L7kKhXENHOgDw-czjLBLELWeB2BhhAZPUzsLZ3UqKQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:31 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-31V7qBfjCMqMavwDZ1EajA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC54v3YBaaPzb0_ZVE03sOWPWWWR_MAHeJ8wQWZ5hP2L6u7gqqDGsncRDgc1zHLbfYSDContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:32 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-6hxqI10Yk600NnN3iX8sAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6JJt1uFyL0zxXp27xb9k4d1yxjbAlFyduXs59GNmntT4ta0ZwlSGQ0XS4mapO_HGvyContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:33 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9eJPu397IMNinaNT-BYahw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6KrOJ2SHdtS56FrSDppvWJ3P2KlZQroExvkU1o0_pjk5mihlftr2izet78niBqjdt8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:35 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-tK8JbTfW1uD51b1bxpwUTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7yUIbt1LLlT6lFW_wqw9pg2y1t986Mi4t_OdXtuSzN4_eJXzW9_wAKJ1AwO89PUTJwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:35 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-7qgEm5ZId5TjzBWe67l1Jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7npfg_4TAS6276GDzzlP_pzwt5QMHBarsh0sXUxzG9Ye73ePm3AuZ5RKplY3R0zIGoAxaUi4YContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:36 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-ScXk9qBb_3KWuIZAfHce1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4x3ifox6TEpJDEhQ0RxTxysR67P0iKVZ8hCxXetdqlq7Ye_0BmsSnIDQ1H171i2tQVXEgRchQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:37 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-N0wxOU8ZfOmYaqblmicuOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4FZQKRqHc76b828BAxE3BVja58Cj8HrcYAYe_ATbRzK3JqdesPDY_amgXHv0OkqxwpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:38 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Ql2a7p95mFVebWdHOM7xCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4BckGFKrVGAFYojbekLL2LVrbojsK620ysLqf5ys6PymcPNUeB5Bgz9W-r2vcS2DQtContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:38 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-XoVQxAoaDSLi84CqjFe3XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6tHLr_RhmrF-gOdS00LmIgfwhOtWM52bDx_Wot76yBg00XSFs08IKG6Fh1wRajBHPXContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:39 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-qK1_y5m2SSFSWxRVZaxxtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6YLEKtd9hLcLWtkaMcYGgFdwJOHikXmAeVFJkgMogbmhzQbpb7CRyd4mgmVNF8YVFYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:40 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-ei_n_HKg76wH7oSUKVoQkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4t5HiovnzkEw_ahkOKghWUicFidFbtsagOAV1CrMaN1RQvv6WMSydYdHlQgTyoyDiYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:40 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-guRxU30yyKmTfEvIx3-xYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC74n2lh4bMjMomG0Qd-6TiofWw5pCvccMntd100vzotNu5FIBT8rrMFgWgvHZ7w-QW_Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:41 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-k0cRttiIuM3C4SBzK2Gi1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4yOPtjUJje1u81Y6HoGObFosMtnVoQAA1uLTbAFeMfam2AJKThlDHZCAO6TdZdtIExContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:32:41 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-KWco31VrP-s5CamakqJQIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978x
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlD
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarh
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005522000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000073C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/0
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/elleme
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/google.com/eniyor...
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/iyor...
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/ncelleme
                          Source: Synaptics.exe, 00000003.00000002.2862293206.0000000012FBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2859070500.000000001047E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2878898678.000000001ADFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2895742793.0000000020A7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2906092577.0000000025F7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2869433457.000000001837E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0;
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005522000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000553C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.0000000007462000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884034477.000000001DA58000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmp, file.exe, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000054E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#M
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#R#
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$Jq
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$b
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%f
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&%
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&&
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&Y
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&a
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                          Source: Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(-
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(g
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)Jl
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)b
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.0000000007462000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-Pol:
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-cn.
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-cn.c
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-g
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.#
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.$
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..?
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..O
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..k
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.admo
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.ampproject.org.cn
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.be
                          Source: Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.co.urW
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.comu
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.f
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.googE
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/S
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884034477.000000001DA58000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000556C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0c
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0fvOA
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1c
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884034477.000000001DA58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1p
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.0000000007462000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2&
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2J
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2Vp
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2Y
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2b
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3f
                          Source: Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3lssO
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3lssp
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4s
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.0000000000797000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6X
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6g
                          Source: Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7Q_
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7Tf
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                          Source: Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8CjY
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8T
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8f7
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8i
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8l
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.0000000007462000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9$
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:#
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:$
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:32:
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:c
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;SK
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;g
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?RW
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?U
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?m
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAb
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadArch
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB&
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBY-
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBm
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBulunw
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC%
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC.
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCC
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000054E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCL
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCa
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDc
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDe
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDe_
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenetleniyor...
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDyN4Y
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.0000000000797000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFX1
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000054E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGO
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGQ
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGWA
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000556C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGc
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH4l
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHfg
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHttp
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ#
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ$
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJJ
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJV(
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJZ%
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJb
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.0000000000797000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000553C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKS
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKd6v2
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL$
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLac
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadModelf
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.0000000007462000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNg
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO(
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOLbU0
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOR
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOl
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPl
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ$
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRX
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadReC
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadResol
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000054E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSO
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSQ
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSecur
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT%
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT.
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTa
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTg
                          Source: Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTh
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadThe
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTr
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                          Source: Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUA
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVers
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVk&export=download
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000797000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW-
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWP
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWU
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW_
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWm
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXa
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXm
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY%
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYGuDy;
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYa
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ$
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ=u
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_J
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_b
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada-ful
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada-pla
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadample
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadanci
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadatchi
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadate
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb#
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb$
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc.comPT
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc.youM
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcPjKy
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcSc
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcek
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelleM
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadces-
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadck.cn
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcm
                          Source: Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.c
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadco.i
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom.
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom0
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcs-cn
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadctors
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadctw
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.0000000007462000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd0w6
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddaK
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddbox-cn.com
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000556C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddc/
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddn-c
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                          Source: Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.comd
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.plj
                          Source: Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadec
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeclic
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeflights-cn.net
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadekidsx
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadel
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadel3
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadelg
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademo
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenK
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetl
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetlK%R
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeng
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniy
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyoD
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadersio
                          Source: Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloades
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetS
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfV
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfefra
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadft
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfvOA
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgRo
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgf
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadggph
                          Source: Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgl
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgledoo
                          Source: Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadglp
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgoogl
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgoogla
                          Source: Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhf
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhi
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhtacI
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000556C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadic
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadick.c
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadights
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadin
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloading..
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadins
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiv
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiy
                          Source: Synaptics.exe, 00000003.00000002.2890185292.000000001DCC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor...
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjK
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjK;
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjKD
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjX
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkJ
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000054E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkOz
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkQ
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkVK
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2882048266.000000001CFBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                          Source: Synaptics.exe, 00000003.00000002.2858195946.000000000FA7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2832134870.00000000076FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2861174687.00000000121FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2863598112.000000001413E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2826871001.000000000713E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2861554088.00000000126FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2862580089.000000001337E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2832248971.000000000783E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2861901289.0000000012BFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2860898907.0000000011E3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2861645484.000000001283E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2832030604.00000000075BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2864004779.000000001463E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2860661254.0000000011BBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2861816308.0000000012ABE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2860999942.0000000011F7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2862110783.0000000012E7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2862015148.0000000012D3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2863790177.00000000143BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2861453088.00000000125BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2862382240.00000000130FE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl&&
                          Source: Synaptics.exe, 00000003.00000002.2863401264.0000000013EBE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl&&l4
                          Source: Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl-
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl2
                          Source: Synaptics.exe, 00000003.00000002.2909753247.0000000028C7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2869587399.00000000184BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2902138195.000000002453E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2880902439.000000001C1FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2914627843.000000002BFCE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915992897.000000002CFFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909172319.000000002863E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2912505193.000000002A7FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2840200031.000000000C0BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2911974831.000000002A1BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2868441684.0000000017ABE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2897770532.000000002223E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2874597764.000000001A8FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2859809921.0000000010E7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2866113555.0000000015DFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2894457770.000000001FDFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2896641916.000000002147E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2865148190.000000001553E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2917854700.000000002DFFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2878378837.000000001AB7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909848758.0000000028DBE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl4
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle#
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle.cnw
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle;
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleG
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleme
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlemeS
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniy
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlevad;
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlfons
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlgC
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlicy:
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadll
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadll7
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllW
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllem
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlleme
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlope
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm-Fac
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadma
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme7
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn%
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.co&
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn=
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnager
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadname
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnas
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc3
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncS
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncel
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncis
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncs
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne.c0We
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne/
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadng..N
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadni
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniW
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniw
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyorA
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyorE
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoPg
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoW64
                          Source: Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoX
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado_g
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadog
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle.
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle.N
                          Source: Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle.i
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoglecp
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadolving
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom.vn
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.0000000007462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogle
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador..
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...s
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador?
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadorm
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadornia
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloados
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadot
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadouble-
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.000000000557B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                          Source: Synaptics.exe, 00000003.00000002.2868344340.000000001797E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp?
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpa
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpany
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpg
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadql
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr.
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr.O
                          Source: Synaptics.exe, 00000003.00000002.2818281828.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182328180.000000000556C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrc
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrepor
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadript
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrojec
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrojec/Wn
                          Source: Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrs$#
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrt
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadry
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads-Pol:
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads-cn.
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.0000000007462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.cn
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsR
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadscrip
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsic.v
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsk
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadstor-
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtHtt
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtU
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtacomGW
                          Source: Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtc
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtentH
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtimiz6
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtl
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlenJ
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtm
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtness
                          Source: Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtp0#
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtpL
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtubeOT
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.00000000073BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu%h
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu.
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu6g
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadua
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadul
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadulun
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadun
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv$w
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv&
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvY
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadving
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvn
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvz6Qz6
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw$p
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw(r
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw0pp
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwDs
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwPs
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwhsH
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwlrD
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwxr8
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2884892722.000000001DAC0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                          Source: Synaptics.exe, 00000003.00000002.2856384667.000000000F453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx-
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx9
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxgw
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2827054880.00000000072C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.0000000007462000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyU
                          Source: Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyo
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyo#
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyo;
                          Source: Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..5
                          Source: Synaptics.exe, 00000003.00000002.2818281828.0000000005531000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyticsL
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz%
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz(1
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzl
                          Source: Synaptics.exe, 00000003.00000002.2854398328.000000000F334000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2855317138.000000000F3ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2828899474.000000000740D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2883753451.000000001DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~#
                          Source: Synaptics.exe, 00000003.00000002.2884892722.000000001DAC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~$
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~%
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~.b
                          Source: Synaptics.exe, 00000003.00000002.2853031851.000000000F28D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~?
                          Source: Synaptics.exe, 00000003.00000002.2850885353.000000000F1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~Z9
                          Source: Synaptics.exe, 00000003.00000002.2889032151.000000001DC69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~a
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.dr, ~DFDCD4F54ECC155DD9.TMP.4.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182104125.00000000055A6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                          Source: Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2890185292.000000001DCBF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2856384667.000000000F483000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182104125.00000000055A6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2891388930.000000001DDB5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2886279964.000000001DB16000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.00000000007B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000003.00000002.2813529091.00000000007B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                          Source: Synaptics.exe, 00000003.00000002.2813529091.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.00000000007B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcA
                          Source: Synaptics.exe, 00000003.00000002.2818281828.00000000055BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadek
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhat
                          Source: Synaptics.exe, 00000003.00000002.2887890002.000000001DC08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadww.goog
                          Source: Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/w
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlX
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.dr, ~DFDCD4F54ECC155DD9.TMP.4.drString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                          Source: Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55040 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55069
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55197
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55198
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54952 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55079
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55078
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55196
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55190
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54975 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55070
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54998 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55108 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55016 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55119 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55083
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55051 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55189 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55080
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54941 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54964 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55095
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55222 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55190 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55052 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55099
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55093
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55092
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55090
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55131 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54997 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54985 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55027
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55118 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54962 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55026
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55025
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55130 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55149
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55034
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55150
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55151
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55201 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55152
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55213 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55038
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55036
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55157
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55158
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55040
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54896 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55160
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55161
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54974 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55212 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55048
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55169
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55175
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55052
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54897 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55051
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55050
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55171
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55172
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55129 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54940 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55059
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55058
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55152 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55186
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55189
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55068
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54951 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55067
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55184
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55185
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55181
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55107 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55208 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54943 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54966 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54933
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54932
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55140 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54940
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54943
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54942
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54941
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54932 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55181 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55151 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54956
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54951
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54954
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54952
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55139 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54967
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54962
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54966
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55099 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54964
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55117 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55067 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54910 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55150 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54942 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55171 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55221 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54909 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54909
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55149 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54914
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55090 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54911
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54910
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55161 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54954 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54925
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54924
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54923
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54922
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55078 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55011 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55092 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55172 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54896
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54899
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54898
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54897
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54911 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55034 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55160 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54922 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55079 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55184 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55205 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55068 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55080 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54924 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55009 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54975
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54974
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54956 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54933 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55058 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54967 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55207 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55093 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55196 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54984
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54983
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54982
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55024 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54879 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54985
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55185 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54879
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55206 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55069 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55197 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54995
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54994
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55059 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54998
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54877
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54876
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54997
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55158 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54880
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55070 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55169 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54923 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54888
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54887
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55008 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55036 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54880 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54914 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55107
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55025 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55108
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55157 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55109
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55186 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55110
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55083 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55175 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55117
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54984 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55118
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55119
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55121
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55048 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54995 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55006
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55129
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54983 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55009
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55008
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55131
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55132
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55026 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55011
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55130
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54887 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55198 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55100 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55017
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55139
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55016
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54898 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55024
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55140
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55038 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54876 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54899 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55050 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54994 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55121 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55006 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55027 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55109 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55017 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55205
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55206
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55207
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55208
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55201
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55132 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54925 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54877 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55095 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54982 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 55110 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55212
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55213
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55100
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55221
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55222
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                          Source: unknownNetwork traffic detected: HTTP traffic on port 54888 -> 443
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49709 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49710 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49716 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49717 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49719 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49720 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49725 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49726 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49739 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49738 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49740 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49744 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49746 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49749 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49748 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49751 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49769 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49776 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49777 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49779 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49780 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49792 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49796 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49812 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49815 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49813 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49816 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49827 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49828 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49842 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49839 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49850 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49857 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49881 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:49883 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49882 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49892 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49895 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49904 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:49906 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54876 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54877 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54896 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54897 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54899 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54898 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54909 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54910 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54923 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54922 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54940 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54941 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54943 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54942 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54962 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54964 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54983 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:54984 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54994 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:54997 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55027 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55025 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55026 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55024 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55034 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55036 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55038 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55040 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55048 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55051 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55068 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55067 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55069 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55070 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55078 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55079 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55090 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55093 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55107 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55109 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55117 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55119 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55149 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55150 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55151 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55152 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55169 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55171 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55189 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55190 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55197 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.5:55201 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55206 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.5:55205 version: TLS 1.2

                          System Summary

                          barindex
                          Document contains an embedded VBA macro with suspicious strings
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Document contains an embedded VBA with functions possibly related to ADO stream file operations
                          Source: nnx85ahz.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Source: BJZFPPWAPT.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Document contains an embedded VBA with functions possibly related to HTTP operations
                          Source: nnx85ahz.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Source: BJZFPPWAPT.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
                          Source: nnx85ahz.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: BJZFPPWAPT.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,2_2_01003972
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_0100358B NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,2_2_0100358B
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010034F4 NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,2_2_010034F4
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01002B13: GetDriveTypeA,CreateFileA,DeviceIoControl,CloseHandle,2_2_01002B13
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,2_2_01003972
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC54E0D ExitWindowsEx,5_2_6CC54E0D
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010089062_2_01008906
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_0100911E2_2_0100911E
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010095582_2_01009558
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010082862_2_01008286
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_0100859D2_2_0100859D
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01008CC52_2_01008CC5
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_640ECBE65_2_640ECBE6
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC89F125_2_6CC89F12
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC8A9BE5_2_6CC8A9BE
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC6E49E5_2_6CC6E49E
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC8A4685_2_6CC8A468
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC8C65E5_2_6CC8C65E
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC2F7905_2_6CC2F790
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC8B09F5_2_6CC8B09F
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC8C00B5_2_6CC8C00B
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E339A505_2_6E339A50
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E34D81C5_2_6E34D81C
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E34D0645_2_6E34D064
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                          Source: nnx85ahz.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                          Source: BJZFPPWAPT.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: String function: 6CC239AD appears 43 times
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: String function: 6CC5833E appears 579 times
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: String function: 640EE8E8 appears 149 times
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: String function: 6410265B appears 183 times
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: String function: 6CC585BC appears 56 times
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: String function: 6CC86E1A appears 549 times
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: String function: 6CC78B7A appears 109 times
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 13876
                          Source: file.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                          Source: file.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                          Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: RCX7988.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: SetupResources.dll4.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                          Source: ~$cache1.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: SetupResources.dll1.2.drStatic PE information: No import functions for PE file found
                          Source: SetupResources.dll4.2.drStatic PE information: No import functions for PE file found
                          Source: SetupResources.dll.2.drStatic PE information: No import functions for PE file found
                          Source: SetupResources.dll8.2.drStatic PE information: No import functions for PE file found
                          Source: SetupResources.dll3.2.drStatic PE information: No import functions for PE file found
                          Source: SetupResources.dll6.2.drStatic PE information: No import functions for PE file found
                          Source: SetupResources.dll0.2.drStatic PE information: No import functions for PE file found
                          Source: SetupResources.dll5.2.drStatic PE information: No import functions for PE file found
                          Source: SetupResources.dll2.2.drStatic PE information: No import functions for PE file found
                          Source: SetupResources.dll7.2.drStatic PE information: No import functions for PE file found
                          Source: file.exe, 00000000.00000003.2068153253.0000000000CF5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs file.exe
                          Source: file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                          Source: file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs file.exe
                          Source: ._cache_file.exe, 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcredist_x86.exe~/ vs file.exe
                          Source: ._cache_file.exe, 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenameSFXCAB.EXEj% vs file.exe
                          Source: file.exeBinary or memory string: OriginalFileName vs file.exe
                          Source: file.exeBinary or memory string: OriginalFilenamevcredist_x86.exe~/ vs file.exe
                          Source: file.exeBinary or memory string: OriginalFilenameSFXCAB.EXEj% vs file.exe
                          Source: file.exeBinary or memory string: OriginalFilenameb! vs file.exe
                          Source: ._cache_file.exe.0.drBinary or memory string: OriginalFilenamevcredist_x86.exe~/ vs file.exe
                          Source: ._cache_file.exe.0.drBinary or memory string: OriginalFilenameSFXCAB.EXEj% vs file.exe
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                          Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@11/138@14/3
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_640F681A __EH_prolog3,GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree,5_2_640F681A
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC54DC9 AdjustTokenPrivileges,5_2_6CC54DC9
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,2_2_01004F6B
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_640DEFE2 CreateToolhelp32Snapshot,_memset,Process32FirstW,Process32NextW,CloseHandle,5_2_640DEFE2
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_640F6525 __EH_prolog3_catch,CoInitialize,CoCreateInstance,CoUninitialize,__CxxThrowException@8,5_2_640F6525
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_640F7A10 LoadResource,LockResource,SizeofResource,5_2_640F7A10
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC4E9B4 ChangeServiceConfigW,5_2_6CC4E9B4
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\._cache_file.exeJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\VC_Redist_SetupMutex
                          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5796
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\AppData\Local\Temp\nnx85ahz.xlsmJump to behavior
                          Source: Yara matchFile source: file.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX7988.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCommand line argument: pJh5_2_006849C0
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: file.exeReversingLabs: Detection: 89%
                          Source: Setup.exeString found in binary or memory: Pre-Installation Warnings:
                          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\._cache_file.exe "C:\Users\user\Desktop\._cache_file.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                          Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 13876
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\._cache_file.exe "C:\Users\user\Desktop\._cache_file.exe" Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeProcess created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: netapi32.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: twext.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: policymanager.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msvcp110_win.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntshrui.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: cscapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: shacct.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: idstore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: twinapi.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: samlib.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: starttiledata.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: acppage.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: aepic.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wlidprov.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: samcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: provsvc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: twext.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ntshrui.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: starttiledata.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: acppage.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: aepic.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: clusapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: wkscli.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: cscapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: feclient.dllJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: acgenral.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: samcli.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msacm32.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: version.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: dwmapi.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: setupengine.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msi.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: sqmapi.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: setupui.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml6.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msxml3.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: riched20.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: usp10.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msls31.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: networkexplorer.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: thumbcache.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: ntshrui.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: cscapi.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: assignedaccessruntime.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: xmllite.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: linkinfo.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: structuredquery.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: dataexchange.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: d3d11.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: dcomp.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: dxgi.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: twinapi.appcore.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: windows.storage.search.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: policymanager.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: msvcp110_win.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: mrmcorer.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: windows.staterepositorycore.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: bcp47mrm.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: windows.ui.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: windowmanagementapi.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: inputhost.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: wkscli.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: provsvc.dllJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\9aMfrhP.iniJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeWindow found: window name: SysTabControl32Jump to behavior
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIESThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting <http://www.microsoft.com/exporting>.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.Entire Agreement. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.Applicable Law.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                          Source: file.exeStatic file information: File size 5844992 > 1048576
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                          Source: file.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x4e8800
                          Source: Binary string: sfxcab.pdb source: file.exe, ._cache_file.exe.0.dr, Synaptics.exe.0.dr
                          Source: Binary string: sqmapi.pdb source: Setup.exe, Setup.exe, 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, sqmapi.dll.2.dr
                          Source: Binary string: SetupEngine.pdb source: Setup.exe, Setup.exe, 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, SetupEngine.dll.2.dr
                          Source: Binary string: patchhooks.pdbX source: vc_red.msi.2.dr
                          Source: Binary string: patchhooks.pdb source: vc_red.msi.2.dr
                          Source: Binary string: Setup.pdb source: Setup.exe, Setup.exe, 00000005.00000002.3307402281.0000000000681000.00000020.00000001.01000000.00000008.sdmp, Setup.exe, 00000005.00000000.2079340723.0000000000681000.00000020.00000001.01000000.00000008.sdmp, Setup.exe.2.dr
                          Source: Binary string: SetupUi.pdb source: Setup.exe, Setup.exe, 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, SetupUi.dll.2.dr
                          Source: Binary string: SetupResources.pdb source: SetupResources.dll4.2.dr, SetupResources.dll3.2.dr, SetupResources.dll1.2.dr, SetupResources.dll6.2.dr, SetupResources.dll7.2.dr, SetupResources.dll.2.dr, SetupResources.dll5.2.dr, SetupResources.dll2.2.dr, SetupResources.dll0.2.dr, SetupResources.dll8.2.dr
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010029C2 GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_010029C2
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010065F3 push ecx; ret 2_2_01006603
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_00683DF5 push ecx; ret 5_2_00683E08
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_64102709 push ecx; ret 5_2_6410271C
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_640FAA75 push ecx; ret 5_2_640FAA88
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC9BF74 pushad ; retf 5_2_6CC9BF8A
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC86F06 push ecx; ret 5_2_6CC86F19
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC7E265 push ecx; ret 5_2_6CC7E278
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E331B89 push ecx; ret 5_2_6E331B9C
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E334821 push ecx; ret 5_2_6E334834

                          Persistence and Installation Behavior

                          barindex
                          Drops PE files to the document folder of the user
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1041\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1040\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1028\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Synaptics\RCX7988.tmpJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\SetupUi.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\2052\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\._cache_file.exeJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\3082\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\SetupEngine.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1042\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\sqmapi.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1036\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1049\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1031\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1033\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Synaptics\RCX7988.tmpJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                          Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1033\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1041\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1042\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1028\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\2052\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1040\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1036\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1031\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\3082\eula.rtfJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\1fc170e2ba0f8da87b9ffca6da4e715d\1049\eula.rtfJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\VSSetupJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC4F721 StartServiceW,5_2_6CC4F721
                          Source: C:\Users\user\Desktop\file.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                          Source: C:\Users\user\Desktop\file.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1041\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1040\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1028\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\2052\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\3082\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1042\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1036\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1049\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1031\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\1fc170e2ba0f8da87b9ffca6da4e715d\1033\SetupResources.dllJump to dropped file
                          Source: C:\Users\user\Desktop\._cache_file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-2915
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 3364Thread sleep count: 86 > 30Jump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 3364Thread sleep time: -5160000s >= -30000sJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 6136Thread sleep time: -60000s >= -30000sJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeLast function: Thread delayed
                          Source: C:\ProgramData\Synaptics\Synaptics.exeLast function: Thread delayed
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,2_2_010046B9
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC35B82 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,5_2_6CC35B82
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC3410A FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,5_2_6CC3410A
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E334281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,5_2_6E334281
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E348097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,5_2_6E348097
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC60C91 __EH_prolog3_GS,GetModuleHandleW,GetLastError,GetSystemInfo,GetNativeSystemInfo,GetLastError,GetLastError,GetLastError,_memset,GetNativeSystemInfo,GetLastError,5_2_6CC60C91
                          Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                          Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\userJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppDataJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                          Source: Amcache.hve.13.drBinary or memory string: VMware
                          Source: Amcache.hve.13.drBinary or memory string: VMware Virtual USB Mouse
                          Source: Amcache.hve.13.drBinary or memory string: vmci.syshbin
                          Source: Amcache.hve.13.drBinary or memory string: VMware, Inc.
                          Source: Amcache.hve.13.drBinary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.13.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.13.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.13.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000070A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: Amcache.hve.13.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.13.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: Amcache.hve.13.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.13.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.13.drBinary or memory string: vmci.sys
                          Source: Amcache.hve.13.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                          Source: Amcache.hve.13.drBinary or memory string: vmci.syshbin`
                          Source: Amcache.hve.13.drBinary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.13.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.13.drBinary or memory string: VMware20,1
                          Source: Amcache.hve.13.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.13.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.13.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: file.exe, 00000000.00000003.2068153253.0000000000CF5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}iayR
                          Source: Amcache.hve.13.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: Amcache.hve.13.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.13.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.13.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: Amcache.hve.13.drBinary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.13.drBinary or memory string: VMware Virtual RAM
                          Source: Synaptics.exe, 00000003.00000002.2813529091.0000000000752000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                          Source: Amcache.hve.13.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: Amcache.hve.13.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: C:\Users\user\Desktop\._cache_file.exeAPI call chain: ExitProcess graph end nodegraph_2-2542
                          Source: C:\Users\user\Desktop\._cache_file.exeAPI call chain: ExitProcess graph end nodegraph_2-2877
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeAPI call chain: ExitProcess graph end nodegraph_5-72358
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeAPI call chain: ExitProcess graph end nodegraph_5-73365
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPortJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_00682BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00682BA5
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC7C78B VirtualProtect ?,-00000001,00000104,?5_2_6CC7C78B
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010029C2 GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_010029C2
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01005899 InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateEventA,CreateThread,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,ExpandEnvironmentStringsA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,2_2_01005899
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010062FF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_010062FF
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_00682BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00682BA5
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_006845BE _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_006845BE
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_640F87C1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_640F87C1
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_640FB38A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_640FB38A
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC576A7 __EH_prolog3,GetModuleHandleW,GetProcAddress,SetThreadStackGuarantee,SetUnhandledExceptionFilter,GetCommandLineW,5_2_6CC576A7
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC7EB6A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_6CC7EB6A
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC7B091 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_6CC7B091
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6E33171F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_6E33171F
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeMemory allocated: page read and write | page guardJump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\._cache_file.exe "C:\Users\user\Desktop\._cache_file.exe" Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,2_2_01004F6B
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01003D02 AllocateAndInitializeSid,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLengthSid,GetTokenInformation,GetLengthSid,2_2_01003D02
                          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,2_2_01004F6B
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeCode function: 5_2_6CC57B40 __EH_prolog3_GS,GetCommandLineW,_memset,GetTimeZoneInformation,GetThreadLocale,5_2_6CC57B40
                          Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,2_2_01003972
                          Source: C:\Users\user\Desktop\._cache_file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                          Source: Amcache.hve.13.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.13.drBinary or memory string: msmpeng.exe
                          Source: Amcache.hve.13.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: Amcache.hve.13.drBinary or memory string: MsMpEng.exe

                          Stealing of Sensitive Information

                          barindex
                          Yara detected XRed
                          Source: Yara matchFile source: file.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 1708, type: MEMORYSTR
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX7988.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior

                          Remote Access Functionality

                          barindex
                          Yara detected XRed
                          Source: Yara matchFile source: file.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 1708, type: MEMORYSTR
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX7988.tmp, type: DROPPED
                          Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                          Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED

                          Mitre Att&ck Matrix

                          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                          Gather Victim Identity Information41
                          Scripting                          		1
                          Replication Through Removable Media                          		2
                          Native API                          		41
                          Scripting                          		1
                          DLL Side-Loading                          		11
                          Disable or Modify Tools                          		OS Credential Dumping2
                          System Time Discovery                          		Remote Services1
                          Archive Collected Data                          		4
                          Ingress Tool Transfer                          		Exfiltration Over Other Network Medium1
                          System Shutdown/Reboot
                          CredentialsDomainsDefault Accounts3
                          Command and Scripting Interpreter                          		1
                          DLL Side-Loading                          		1
                          Extra Window Memory Injection                          		1
                          Deobfuscate/Decode Files or Information                          		LSASS Memory1
                          Peripheral Device Discovery                          		Remote Desktop Protocol1
                          Data from Local System                          		21
                          Encrypted Channel                          		Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain Accounts2
                          Service Execution                          		11
                          Windows Service                          		1
                          Access Token Manipulation                          		2
                          Obfuscated Files or Information                          		Security Account Manager14
                          File and Directory Discovery                          		SMB/Windows Admin SharesData from Network Shared Drive3
                          Non-Application Layer Protocol                          		Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCron1
                          Registry Run Keys / Startup Folder                          		11
                          Windows Service                          		1
                          DLL Side-Loading                          		NTDS28
                          System Information Discovery                          		Distributed Component Object ModelInput Capture34
                          Application Layer Protocol                          		Traffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script11
                          Process Injection                          		1
                          Extra Window Memory Injection                          		LSA Secrets1
                          Query Registry                          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                          Registry Run Keys / Startup Folder                          		12
                          Masquerading                          		Cached Domain Credentials141
                          Security Software Discovery                          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items21
                          Virtualization/Sandbox Evasion                          		DCSync21
                          Virtualization/Sandbox Evasion                          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                          Access Token Manipulation                          		Proc Filesystem2
                          Process Discovery                          		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
                          Process Injection                          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                          Behavior Graph

                          Hide Legend

                          Legend:

                          • Process
                          • Signature
                          • Created File
                          • DNS/IP Info
                          • Is Dropped
                          • Is Windows Process
                          • Number of created Registry Values
                          • Number of created Files
                          • Visual Basic
                          • Delphi
                          • Java
                          • .Net C# or VB.NET
                          • C, C++ or other language
                          • Is malicious
                          • Internet
                          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1583481 Sample: file.exe Startdate: 02/01/2025 Architecture: WINDOWS Score: 100 44 freedns.afraid.org 2->44 46 xred.mooo.com 2->46 48 7 other IPs or domains 2->48 56 Suricata IDS alerts for network traffic 2->56 58 Found malware configuration 2->58 60 Antivirus detection for URL or domain 2->60 64 12 other signatures 2->64 8 file.exe 1 6 2->8         started        11 EXCEL.EXE 231 58 2->11         started        signatures3 62 Uses dynamic DNS services 44->62 process4 file5 26 C:\ProgramData\Synaptics\Synaptics.exe, PE32 8->26 dropped 28 C:\ProgramData\Synaptics\RCX7988.tmp, PE32 8->28 dropped 30 C:\...\Synaptics.exe:Zone.Identifier, ASCII 8->30 dropped 32 C:\Users\user\Desktop\._cache_file.exe, PE32 8->32 dropped 13 Synaptics.exe 112 8->13         started        18 ._cache_file.exe 77 8->18         started        20 splwow64.exe 11->20         started        process6 dnsIp7 50 docs.google.com 142.250.185.174, 443, 49709, 49710 GOOGLEUS United States 13->50 52 drive.usercontent.google.com 142.250.185.65, 443, 49716, 49717 GOOGLEUS United States 13->52 54 freedns.afraid.org 69.42.215.252, 49713, 80 AWKNET-LLCUS United States 13->54 34 C:\Users\user\Documents\~$cache1, PE32 13->34 dropped 66 Antivirus detection for dropped file 13->66 68 Multi AV Scanner detection for dropped file 13->68 70 Drops PE files to the document folder of the user 13->70 72 Machine Learning detection for dropped file 13->72 22 WerFault.exe 13->22         started        36 C:\...\sqmapi.dll, PE32 18->36 dropped 38 C:\...\SetupUi.dll, PE32 18->38 dropped 40 C:\...\SetupEngine.dll, PE32 18->40 dropped 42 11 other files (none is malicious) 18->42 dropped 24 Setup.exe 9 23 18->24         started        file8 signatures9 process10

                          Screenshots

                          Thumbnails

                          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                          windows-stand

                          Antivirus, Machine Learning and Genetic Malware Detection

                          Initial Sample

                          SourceDetectionScannerLabelLink
                          file.exe89%ReversingLabsWin32.Worm.Zorex
                          file.exe100%AviraTR/Dldr.Agent.SH
                          file.exe100%AviraW2000M/Dldr.Agent.17651006
                          file.exe100%Joe Sandbox ML

                          Dropped Files

                          SourceDetectionScannerLabelLink
                          C:\ProgramData\Synaptics\Synaptics.exe100%AviraTR/Dldr.Agent.SH
                          C:\ProgramData\Synaptics\Synaptics.exe100%AviraW2000M/Dldr.Agent.17651006
                          C:\ProgramData\Synaptics\RCX7988.tmp100%AviraTR/Dldr.Agent.SH
                          C:\ProgramData\Synaptics\RCX7988.tmp100%AviraW2000M/Dldr.Agent.17651006
                          C:\ProgramData\Synaptics\Synaptics.exe100%Joe Sandbox ML
                          C:\ProgramData\Synaptics\RCX7988.tmp100%Joe Sandbox ML
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\1028\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\1031\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\1033\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\1036\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\1040\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\1041\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\1042\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\1049\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\2052\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\3082\SetupResources.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\SetupEngine.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\SetupUi.dll0%ReversingLabs
                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\sqmapi.dll0%ReversingLabs
                          C:\ProgramData\Synaptics\RCX7988.tmp94%ReversingLabsWin32.Backdoor.DarkComet
                          C:\ProgramData\Synaptics\Synaptics.exe89%ReversingLabsWin32.Worm.Zorex
                          C:\Users\user\Desktop\._cache_file.exe0%ReversingLabs
                          C:\Users\user\Documents\~$cache194%ReversingLabsWin32.Backdoor.DarkComet

                          Unpacked PE Files

                          No Antivirus matches

                          Domains

                          No Antivirus matches

                          URLs

                          SourceDetectionScannerLabelLink
                          http://xred.site50.net/syn/Synaptics.rarZ100%Avira URL Cloudmalware
                          http://xred.site50.net/syn/SUpdate.iniZ100%Avira URL Cloudmalware
                          http://xred.site50.net/syn/SSLLibrary.dll6100%Avira URL Cloudmalware

                          Domains and IPs

                          Contacted Domains

                          NameIPActiveMaliciousAntivirus DetectionReputation
                          freedns.afraid.org
                          		69.42.215.252
                          		truefalse
                            		high
                            docs.google.com
                            		142.250.185.174
                            		truefalse
                              		high
                              s-part-0017.t-0009.fb-t-msedge.net
                              		13.107.253.45
                              		truefalse
                                		high
                                s-part-0017.t-0009.t-msedge.net
                                		13.107.246.45
                                		truefalse
                                  		high
                                  drive.usercontent.google.com
                                  		142.250.185.65
                                  		truefalse
                                    		high
                                    15.164.165.52.in-addr.arpa
                                    		unknown
                                    		unknownfalse
                                      		high
                                      xred.mooo.com
                                      		unknown
                                      		unknownfalse
                                        		high

                                        Contacted URLs

                                        NameMaliciousAntivirus DetectionReputation
                                        xred.mooo.comfalse
                                          		high
                                          http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978false
                                            		high

                                            URLs from Memory and Binaries

                                            NameSourceMaliciousAntivirus DetectionReputation
                                            https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=file.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		high
                                              http://xred.site50.net/syn/Synaptics.rarZSynaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drfalse
                                                		high
                                                https://docs.google.com/ncellemeSynaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://docs.google.com/google.com/eniyor...Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://docs.google.com/0Synaptics.exe, 00000003.00000002.2857469165.000000000F4F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://drive.usercontent.google.com/Synaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182104125.00000000055A6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://xred.site50.net/syn/Synaptics.rarfile.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drfalse
                                                            		high
                                                            http://xred.site50.net/syn/Synaptics.rarhfile.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://docs.google.com/Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005522000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2182711908.0000000000778000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2813529091.000000000073C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlXfile.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://xred.site50.net/syn/SSLLibrary.dll6Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://xred.site50.net/syn/SSLLibrary.dlDfile.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drfalse
                                                                        		high
                                                                        https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1file.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.dr, ~DFDCD4F54ECC155DD9.TMP.4.drfalse
                                                                          		high
                                                                          http://xred.site50.net/syn/SUpdate.iniZSynaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: malware
                                                                          		unknown
                                                                          http://xred.site50.net/syn/SUpdate.inifile.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drfalse
                                                                            		high
                                                                            https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://docs.google.com/ellemeSynaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://docs.google.com/uc?id=0;Synaptics.exe, 00000003.00000002.2862293206.0000000012FBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2859070500.000000001047E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2878898678.000000001ADFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2895742793.0000000020A7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2906092577.0000000025F7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2869433457.000000001837E000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978xfile.exe, 00000000.00000003.2068071380.00000000026F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://xred.site50.net/syn/SSLLibrary.dllfile.exe, 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2814674463.0000000002160000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe.0.dr, RCX7988.tmp.0.dr, ~$cache1.3.drfalse
                                                                                      		high
                                                                                      https://docs.google.com/iyor...Synaptics.exe, 00000003.00000002.2890490152.000000001DD47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://drive.usercontent.google.com/wSynaptics.exe, 00000003.00000003.2183022031.00000000054F9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2818281828.0000000005508000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high

                                                                                          World Map of Contacted IPs

                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs

                                                                                          Public IPs

                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                          142.250.185.174
                                                                                          		docs.google.comUnited States
                                                                                          		15169GOOGLEUSfalse
                                                                                          69.42.215.252
                                                                                          		freedns.afraid.orgUnited States
                                                                                          		17048AWKNET-LLCUSfalse
                                                                                          142.250.185.65
                                                                                          		drive.usercontent.google.comUnited States
                                                                                          		15169GOOGLEUSfalse

                                                                                          General Information

                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                          Analysis ID:1583481
                                                                                          Start date and time:2025-01-02 20:30:44 +01:00
                                                                                          Joe Sandbox product:CloudBasic
                                                                                          Overall analysis duration:0h 8m 1s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                          Number of analysed new started processes analysed:15
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:0
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample name:file.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.expl.evad.winEXE@11/138@14/3
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 66.7%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 91%
                                                                                          • Number of executed functions: 217
                                                                                          • Number of non-executed functions: 192
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe

                                                                                          Warnings

                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 52.109.32.97, 184.28.90.27, 52.113.194.132, 52.168.117.168, 52.182.143.212, 20.190.159.73, 13.107.253.45, 4.175.87.197, 52.165.164.15, 20.12.23.50, 20.109.210.53, 13.107.246.45
                                                                                          • Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, onedscolprdeus07.eastus.cloudapp.azure.com, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                                          • Execution Graph export aborted for target Synaptics.exe, PID 5796 because there are no executed function
                                                                                          • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                          • VT rate limit hit for: file.exe

                                                                                          Simulations

                                                                                          Behavior and APIs

                                                                                          TimeTypeDescription
                                                                                          14:31:43API Interceptor544x Sleep call for process: Synaptics.exe modified
                                                                                          14:31:51API Interceptor1x Sleep call for process: Setup.exe modified
                                                                                          14:32:51API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                          14:33:41API Interceptor2x Sleep call for process: splwow64.exe modified
                                                                                          20:31:40AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe

                                                                                          Joe Sandbox View / Context

                                                                                          IPs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          69.42.215.252file.exeGet hashmaliciousXRedBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                          file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                          Open Purchase Order Summary Details-16-12-2024.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                          Open Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                          xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                          valyzt.msiGet hashmaliciousXRedBrowse
                                                                                          • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

                                                                                          Domains

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          s-part-0017.t-0009.fb-t-msedge.netvalyzt.msiGet hashmaliciousXRedBrowse
                                                                                          • 13.107.253.45
                                                                                          LWQDFZ.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • 13.107.253.45
                                                                                          Salary Amendment.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                                                          • 13.107.253.45
                                                                                          IcisR4FC8n.dllGet hashmaliciousUnknownBrowse
                                                                                          • 13.107.253.45
                                                                                          https://thaykinhgiasoc.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9USlBZakE9JnVpZD1VU0VSMTcxMDIwMjRVMDAxMDE3NDA=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                          • 13.107.253.45
                                                                                          file.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                          • 13.107.253.45
                                                                                          pzPO97QouM.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                          • 13.107.253.45
                                                                                          Multi Graphics Inc CustomerVendor Form.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                          • 13.107.253.45
                                                                                          OaSEt8i2jE.exeGet hashmaliciousNjratBrowse
                                                                                          • 13.107.253.45
                                                                                          https://eu.docworkspace.com/d/sIGWvrvOeAYXvpLkGGet hashmaliciousUnknownBrowse
                                                                                          • 13.107.253.45
                                                                                          freedns.afraid.orgfile.exeGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252
                                                                                          file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                                          • 69.42.215.252
                                                                                          Open Purchase Order Summary Details-16-12-2024.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • 69.42.215.252
                                                                                          Open Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • 69.42.215.252
                                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • 69.42.215.252
                                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • 69.42.215.252
                                                                                          xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252
                                                                                          valyzt.msiGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252

                                                                                          ASNs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          AWKNET-LLCUSfile.exeGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252
                                                                                          file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                                          • 69.42.215.252
                                                                                          Open Purchase Order Summary Details-16-12-2024.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • 69.42.215.252
                                                                                          Open Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • 69.42.215.252
                                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • 69.42.215.252
                                                                                          Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                          • 69.42.215.252
                                                                                          xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                          • 69.42.215.252

                                                                                          JA3 Fingerprints

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          37f463bf4616ecd445d4a1937da06e19file.exeGet hashmaliciousXRedBrowse
                                                                                          • 142.250.185.174
                                                                                          • 142.250.185.65
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • 142.250.185.174
                                                                                          • 142.250.185.65
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • 142.250.185.174
                                                                                          • 142.250.185.65
                                                                                          file.exeGet hashmaliciousXRedBrowse
                                                                                          • 142.250.185.174
                                                                                          • 142.250.185.65
                                                                                          file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                                          • 142.250.185.174
                                                                                          • 142.250.185.65
                                                                                          MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zipGet hashmaliciousUnknownBrowse
                                                                                          • 142.250.185.174
                                                                                          • 142.250.185.65
                                                                                          MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zipGet hashmaliciousUnknownBrowse
                                                                                          • 142.250.185.174
                                                                                          • 142.250.185.65
                                                                                          Setup.exe.7zGet hashmaliciousUnknownBrowse
                                                                                          • 142.250.185.174
                                                                                          • 142.250.185.65
                                                                                          45631.exeGet hashmaliciousNitolBrowse
                                                                                          • 142.250.185.174
                                                                                          • 142.250.185.65

                                                                                          Dropped Files

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          C:\1fc170e2ba0f8da87b9ffca6da4e715d\1028\SetupResources.dllfile.exeGet hashmaliciousXRedBrowse
                                                                                            Auu2j0pT0B.exeGet hashmaliciousUnknownBrowse
                                                                                              WIN_SCM_RDM_INSTALL_4.0.4.0.EXEGet hashmaliciousUnknownBrowse
                                                                                                WIN_SCM_RDM_INSTALL_4.0.4.0.EXEGet hashmaliciousUnknownBrowse
                                                                                                  https://storage.googleapis.com/vectric_public/Cut2DDesktopTrialEdition_Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                    https://download.info.apple.com/Mac_OS_X/031-30890-20150812-ea191174-4130-11e5-a125-930911ba098f/bootcamp5.1.5769.zipGet hashmaliciousUnknownBrowse
                                                                                                      Kiwi_Syslog_Server_9.8.2.Freeware.setup.exeGet hashmaliciousUnknownBrowse
                                                                                                        ESjy0irMIn.exeGet hashmaliciousNjratBrowse
                                                                                                          dotNetFx40_Full_setup.exeGet hashmaliciousPhemedrone StealerBrowse
                                                                                                            Scotiabank_Scanner_Driver_DigitalCheck-42180-1310v3.exeGet hashmaliciousUnknownBrowse

                                                                                                              Created / dropped Files

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\$shtdwn$.req

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):788
                                                                                                              Entropy (8bit):0.09823380614560741
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:lbll/:lB
                                                                                                              MD5:DF7119A5D3CAEDA80BF0FB6F8E53DE8F
                                                                                                              SHA1:76458E1D2E0FA4519FACB71A5F23F8799713BE2B
                                                                                                              SHA-256:3C418A401CBE09F64EDE6E598C5CA36717830446147C8EF6327168EDC7B1CB0C
                                                                                                              SHA-512:85142D1942111783303FA060348BC76B1DD361336DCCC9DC9CDD3432EC6CF215756CBA66A367E560C9D5719BA4F585434319A66D9A97D9A09F5AC4A752B00B6C
                                                                                                              Malicious:false
                                                                                                              Reputation:moderate, very likely benign file
                                                                                                              Preview:Sdwn................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1028\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (388), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):30672
                                                                                                              Entropy (8bit):4.2936704552740705
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:4Y6C7xfsxMEYgPNRAsy50keJzH7o3oDPnv:MxLJz7
                                                                                                              MD5:7FC06A77D9AAFCA9FB19FAFA0F919100
                                                                                                              SHA1:E565740E7D582CD73F8D3B12DE2F4579FF18BB41
                                                                                                              SHA-256:A27F809211EA1A2D5224CD01101AA3A59BF7853168E45DE28A16EF7ED6ACD46A
                                                                                                              SHA-512:466DCC6A5FB015BE1619F5725FA62CA46EB0FB428E11F93FD9D82E5DF61C3950B3FB62D4DB7746CC4A2BE199E5E69EAA30B6F3354E0017CFA14D127FAD52F8CF
                                                                                                              Malicious:false
                                                                                                              Reputation:moderate, very likely benign file
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."....P.[..z._.... .x.6.4. .s^.S..!q.l.[.(W...Ps^.S.N.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."....P.[..z._.... .I.A.6.4. .s^.S..!q.l.[.(W...Ps^.S.N.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."....P\Omi.|q}.N/e.c .M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.0. ..SI.ce|vWY.N.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1028\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14168
                                                                                                              Entropy (8bit):5.9724110685335825
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:fc2+tUfwZWPl53LmlVlSW1g+/axw0lczWpXEWUQKPnEtObMacxc8hjeyveCXzHbk:hzuwLmlCW1g+/kmzWpXEWULXci2jpv3e
                                                                                                              MD5:7C136B92983CEC25F85336056E45F3E8
                                                                                                              SHA1:0BB527E7004601E920E2AAC467518126E5352618
                                                                                                              SHA-256:F2E8CA58FA8D8E694D04E14404DEC4E8EA5F231D3F2E5C2F915BD7914849EB2B
                                                                                                              SHA-512:06DA50DDB2C5F83E6E4B4313CBDAE14EED227EEC85F94024A185C2D7F535B6A68E79337557727B2B40A39739C66D526968AAEDBCFEF04DAB09DC0426CFBEFBF4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Joe Sandbox View:
                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                              • Filename: Auu2j0pT0B.exe, Detection: malicious, Browse
                                                                                                              • Filename: WIN_SCM_RDM_INSTALL_4.0.4.0.EXE, Detection: malicious, Browse
                                                                                                              • Filename: WIN_SCM_RDM_INSTALL_4.0.4.0.EXE, Detection: malicious, Browse
                                                                                                              • Filename: , Detection: malicious, Browse
                                                                                                              • Filename: , Detection: malicious, Browse
                                                                                                              • Filename: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe, Detection: malicious, Browse
                                                                                                              • Filename: ESjy0irMIn.exe, Detection: malicious, Browse
                                                                                                              • Filename: dotNetFx40_Full_setup.exe, Detection: malicious, Browse
                                                                                                              • Filename: Scotiabank_Scanner_Driver_DigitalCheck-42180-1310v3.exe, Detection: malicious, Browse
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................@......E.....@.......................................... ..X............ ..X............................................................................................text...G...........................@..@.rsrc.... ... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1028\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                              Category:dropped
                                                                                                              Size (bytes):188446
                                                                                                              Entropy (8bit):4.98936861773382
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:vjB8N7T+SN6FY5PmQlivKawlrIMUkYfkv8CshgJNgRJAoJvIrOJBElrhzxQXK6uG:o7SSN6FYtmQlivKawlrIMUkYfkv8Cs4U
                                                                                                              MD5:129D8E8824B0D545ADC29E571A6E2C02
                                                                                                              SHA1:5A1DDFCD2AE21D96C818D315CB5E263F525A39CD
                                                                                                              SHA-256:83B8268E2874699227F9B1AD3F72A06CBF474EFA3983F5C5EE9BFE415DB98476
                                                                                                              SHA-512:1048F646D5866DC8736DB0A023A65A7E208A5F56774FA8EC5D59E4272A54A9A6E94B01B84293A7EC9F889BAD7865522E783AF30BF61BB9249687DCEAC62066D8
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch14\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ???????????????????????????\'a1\'ec???};}{\f14\fbidi \froman\fcharset136\fprq2{\*\panose 02020500000000000000}PMingLiU{\*\falt \'b7\'73\'b2\'d3\'a9\'fa\'c5\'e9};}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\fa

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1031\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (615), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41622
                                                                                                              Entropy (8bit):3.577523249714746
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:4nF+jpoHnZi8oO0GOJ2+8q6OUjEYJL/ZiITrKv:V03XjZJL/YIy
                                                                                                              MD5:B83C3803712E61811C438F6E98790369
                                                                                                              SHA1:61A0BC59388786CED045ACD82621BEE8578CAE5A
                                                                                                              SHA-256:2AA6E8D402E44D9EE895B18195F46BF90259DE1B6F44EFD46A7075B110F2DCD6
                                                                                                              SHA-512:E020F93E3A082476087E690AD051F1FEB210E0915924BB4548CC9F53A7EE2760211890EB6036CE9E5E4A311ABC0300E89E25EFBBB894C2A621FFBC9D64CC8A38
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".D.i.e.s.e.s. .S.e.t.u.p.p.r.o.g.r.a.m.m. .e.r.f.o.r.d.e.r.t. .e.i.n.e. .x.6.4.-.P.l.a.t.t.f.o.r.m... .E.s. .k.a.n.n. .n.i.c.h.t. .a.u.f. .d.e.r. .P.l.a.t.t.f.o.r.m. .i.n.s.t.a.l.l.i.e.r.t. .w.e.r.d.e.n..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".D.i.e.s.e.s. .S.e.t.u.p.p.r.o.g.r.a.m.m. .e.r.f.o.r.d.e.r.t. .e.i.n.e. .I.A.6.4.-.P.l.a.t.t.f.o.r.m... .E.s. .k.a.n.n. .n.i.c.h.t. .a.u.f. .d.e.r. .P.l.a.t.t.f.o.r.m. .i.n.s.t.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1031\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18776
                                                                                                              Entropy (8bit):5.135663555520085
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:lQ16m3rhGrcHN/USYvYVA9WKieW8bLXci2jXHU2Ze:lEhCSVYvYVAA+Mi2jXHU2A
                                                                                                              MD5:7C9AE49B3A400C728A55DD1CACC8FFB2
                                                                                                              SHA1:DD3A370F541010AD650F4F6AA42E0CFC68A00E66
                                                                                                              SHA-256:402C796FEBCD78ACE8F1C5975E39193CFF77F891CFF4D32F463F9A9C83806D4A
                                                                                                              SHA-512:D30FE9F78A49C533BE5C00D88B8C2E66A8DFAC6D1EAE94A230CD937F0893F6D4A0EECE59C1D2C3C8126FFA9A9648EC55A94E248CD8C7F9677F45C231F84F221B
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................P.......D....@.......................................... ..`+...........2..X............................................................................................text...G...........................@..@.rsrc....0... ...,..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1031\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                              Category:dropped
                                                                                                              Size (bytes):163866
                                                                                                              Entropy (8bit):5.029712171633306
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:oiJ+vgRJA8J/snalBEm0OgKXIJR10GZybh2C:aQ
                                                                                                              MD5:117DABB5A055B09B6DB6BCBA8F911073
                                                                                                              SHA1:E8F5D907939400824CC5DADB681852C35CA7BB79
                                                                                                              SHA-256:DAEA9CD8151A2C24A87C3254DEC1DE0463234E44922C8E0AA4E01AB58EC89664
                                                                                                              SHA-512:E995D03998BE9F07F9E9B8566E429D3795ADBDEEEFB2048D6B8877CE15A0ABFCE4FAAEE8DC773250495C15CC35FD0040D81593B51067533836D5F3CF8612D3C4
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}..{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ???????????????????????????\'a1\'ec???};}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt Calisto MT};}{\f38\fbidi \fswiss\fcharset0\fpr

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1033\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (565), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):39246
                                                                                                              Entropy (8bit):3.5443876937052083
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:4kVKhG9aX0SDpI53/asO0KMv+VXxwVcPIv5COQu4SLbpmQVX5FB0zJOkue6Jjfz3:4MKhJkeZsdlNl9SJOkR6NXaxu
                                                                                                              MD5:D642E322D1E8B739510CA540F8E779F9
                                                                                                              SHA1:36279C76D9F34C09EBDDC84FD33FCC7D4B9A896C
                                                                                                              SHA-256:5D90345FF74E177F6DA8FB6459C1CFCAC080E698215CA75FEB130D0D1F2A76B9
                                                                                                              SHA-512:E1E16AE14BC7CC1608E1A08D3C92B6D0518B5FABD27F2C0EB514C87AFC3D6192BF7A793A583AFC65F1899F03DC419263B29174456E1EC9AB0F0110E0258E0F0D
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".T.h.i.s. .s.e.t.u.p. .p.r.o.g.r.a.m. .r.e.q.u.i.r.e.s. .a.n. .x.6.4. .p.l.a.t.f.o.r.m... .I.t. .c.a.n.n.o.t. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .t.h.i.s. .p.l.a.t.f.o.r.m...". ./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".T.h.i.s. .s.e.t.u.p. .p.r.o.g.r.a.m. .r.e.q.u.i.r.e.s. .a.n. .I.A.6.4. .p.l.a.t.f.o.r.m... .I.t. .c.a.n.n.o.t. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .t.h.i.s. .p.l.a.t.f.o.r.m...". ./.>..... . . . . . .<.T.e.x.t. .

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1033\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):17240
                                                                                                              Entropy (8bit):5.151474565875158
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:byk5nUfwTW7JwWp0eW6jp8M+9HS8bC/TJs7kFkzQKPnEtObMacxc8hjeyveCXZBe:pgoTWp0eWB9ygC/TfFkzLXci2jpv8
                                                                                                              MD5:9547D24AC04B4D0D1DBF84F74F54FAF7
                                                                                                              SHA1:71AF6001C931C3DE7C98DDC337D89AB133FE48BB
                                                                                                              SHA-256:36D0159ED1A7D88000737E920375868765C0A1DD6F5A5ACBB79CF7D97D9E7A34
                                                                                                              SHA-512:8B6048F4185A711567679E2DE4789407077CE5BFE72102D3CB1F23051B8D3E6BFD5886C801D85B4E62F467DD12DA1C79026A4BC20B17F54C693B2F24E499D40F
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........(...............................................P......<f....@.......................................... ...%...........,..X............................................................................................text...G...........................@..@.rsrc....%... ...&..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1033\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7080
                                                                                                              Entropy (8bit):4.934776172726828
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:9fcddvfbS9u6zZ+kodpj4eQ1lhcgi5X90vJqpsSih2:y/fbSZ/odpjmlhcgi5NSkRA2
                                                                                                              MD5:19D028345AADCC05697EEC6D8C5B5874
                                                                                                              SHA1:70BD3D4D51373FB82F0257F28D5F3609BFC82520
                                                                                                              SHA-256:F4FF4EACE31B75176A0806E1693041D546D2599AEC0C77D295BAD09CAC7D9FE7
                                                                                                              SHA-512:9B3DFFEC7C1595197AF69E59094588541558BEF56982475DDDD2C9E3D75FC8B970B384452713632AE20435EC0CAEC6CC4CD8CEC9CD4B4809335FDC9F2CC7B842
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset0 Times New Roman;}{\f2\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2508;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT SOFTWARE LICENSE TERMS\f1\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f0 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES\f1\par..\pard\nowidctlpar\sb120\sa120\b0\f0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft\f1\par..\pard\nowidctlpar\fi-360\li360\sb120\sa120\tx360\f2\'b7\tab\f0 updates,\f1\par..\f2\'b7\tab\f0 supplements,\f1\par..\f2\'b7\tab\f0 Internet-based services, and \f1\par..\f2\'b7\tab\f0 support services\f1\par.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1036\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (619), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41492
                                                                                                              Entropy (8bit):3.5522209001567364
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:4GrYAOJoFbZZ0eQiFaD4EbJeiI5hJUPu2oBknXoFDYnZCoroUnAJJFHq20/kFR/0:4GZUoRZc5ryx2fHIJR0kbG52gjfVv
                                                                                                              MD5:E382ABC19294F779D2833287242E7BC6
                                                                                                              SHA1:1CEAE32D6B24A3832F9244F5791382865B668A72
                                                                                                              SHA-256:43F913FF28D677316F560A0F45221F35F27CFAF5FC5BD645974A82DCA589EDBF
                                                                                                              SHA-512:06054C8048CADE36A3AF54F9A07FD8FA5EB4F3228790996D2ABEA7EE1EE7EB563D46BD54FF97441F9610E778194082C44E66C5F566C9C50A042ABA9EB9CAE25E
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".C.e. .p.r.o.g.r.a.m.m.e. .d.'.i.n.s.t.a.l.l.a.t.i.o.n. .r.e.q.u.i.e.r.t. .u.n.e. .p.l.a.t.e.f.o.r.m.e. .x.6.4... .I.l. .n.e. .p.e.u.t. .p.a.s. ...t.r.e. .i.n.s.t.a.l.l... .s.u.r. .c.e.t.t.e. .p.l.a.t.e.f.o.r.m.e..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".C.e. .p.r.o.g.r.a.m.m.e. .d.'.i.n.s.t.a.l.l.a.t.i.o.n. .r.e.q.u.i.e.r.t. .u.n.e. .p.l.a.t.e.f.o.r.m.e. .I.A.6.4... .I.l. .n.e. .p.e.u.t. .p.a.s. ...t.r.e. .i.n.s.t.a.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1036\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18776
                                                                                                              Entropy (8bit):5.112489568342605
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:J7Z66AY9li3OoDDkbiWpQeWELXci2jpv8:JffiZDgycMi2jpv8
                                                                                                              MD5:93F57216FE49E7E2A75844EDFCCC2E09
                                                                                                              SHA1:DCCD52787F147E9581D303A444C8EE134AFC61A8
                                                                                                              SHA-256:2506827219B461B7C6C862DAE29C8BFF8CB7F4A6C28D2FF60724CAC70903987D
                                                                                                              SHA-512:EADFFB534C5447C24B50C7DEFA5902F9EB2DCC4CF9AF8F43FA889B3367EA25DFA6EA87FF89C59F1B7BBF7106888F05C7134718021B44337AE5B7D1F808303BB1
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................P......B|....@.......................................... ...+...........2..X............................................................................................text...G...........................@..@.rsrc....0... ...,..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1036\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                              Category:dropped
                                                                                                              Size (bytes):162915
                                                                                                              Entropy (8bit):5.023428742885146
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:Xn6ipERiA7JzI3ilBEBr97dQnKG5zpZ27KN4:KiZ
                                                                                                              MD5:BBBBB0BDA00FDA985BB39FEE5FD04FF8
                                                                                                              SHA1:3053CF30FAD92F133AD3EA7EEFB8C729D323EA00
                                                                                                              SHA-256:3CB591E6801E91FE58E79449F7C99B88C3BA0ACE5D922B4AA0C8F2CDD81854BD
                                                                                                              SHA-512:32CC1B0F033B13D7614F8BD80DE4D3F9D4668632010BCB563E90773FB2F4971D19206C46B0C2B0E55308CA14F4DEAF5EB415DAE5F2C0C4331B5DF0AE44B2F61E
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ????????????????????????????\'a1\'a7??};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt Calisto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?? ??};}{\f39\fbidi \fswiss\f

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1040\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (601), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):40338
                                                                                                              Entropy (8bit):3.5295538496820984
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:4hZo3+Ma9e1JzNZNs4fneAEJ0o5H/PuRv:NaudsJ1u
                                                                                                              MD5:0AF948FE4142E34092F9DD47A4B8C275
                                                                                                              SHA1:B3D6DD5C126280398D9055F90E2C2C26DBAE4EAA
                                                                                                              SHA-256:C4C7C0DDAA6D6A3A1DC260E9C5A24BDFAA98C427C69E8A65427DD7CAC0A4B248
                                                                                                              SHA-512:D97B5FE2553CA78A3019D53E33D2DB80C9FA1CF1D8D2501D9DDF0576C7E6EA38DAB754FE4712123ABF34B97E10B18FB4BBD1C76D3DACB87B4682E501F93423D9
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".I.l. .p.r.o.g.r.a.m.m.a. .d.i. .i.n.s.t.a.l.l.a.z.i.o.n.e. .r.i.c.h.i.e.d.e. .u.n.a. .p.i.a.t.t.a.f.o.r.m.a. .x.6.4... .I.m.p.o.s.s.i.b.i.l.e. .e.s.e.g.u.i.r.e. .l.'.i.n.s.t.a.l.l.a.z.i.o.n.e. .s.u. .q.u.e.s.t.a. .p.i.a.t.t.a.f.o.r.m.a..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".I.l. .p.r.o.g.r.a.m.m.a. .d.i. .i.n.s.t.a.l.l.a.z.i.o.n.e. .r.i.c.h.i.e.d.e. .u.n.a. .p.i.a.t.t.a.f.o.r.m.a. .I.A.6.4... .I.m.p.o.s.s.i.b.i.l.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1040\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18264
                                                                                                              Entropy (8bit):5.142702232041524
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:77n6Tg7AtONBKHno5hWXeWFLXci2jpvz2:7XAbs+ZMi2jpvz2
                                                                                                              MD5:E4860FC5D4C114D5C0781714F3BF041A
                                                                                                              SHA1:864CE88E8AB1DB9AFF6935F9231521B6B72D5974
                                                                                                              SHA-256:6B2D479D2D2B238EC1BA9D14F9A68DC552BC05DCBCC9007C7BB8BE66DEFC643B
                                                                                                              SHA-512:39B0A97C4E83D5CCA1CCCCE494831ADBC18DF1530C02E6A2C13DAE66150F66A7C987A26CECB5587EA71DD530C8BE1E46922FE8C65AE94145D90B0A057C06548D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........,...............................................P......^.....@.......................................... ...)...........0..X............................................................................................text...G...........................@..@.rsrc....0... ...*..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1040\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                              Category:dropped
                                                                                                              Size (bytes):189369
                                                                                                              Entropy (8bit):4.993456059906976
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:8K91dpBgRJA8J/snalBEm0OgKXIJR10GZybh2C:8aK
                                                                                                              MD5:F1602100F6C135AB5D8026E9248BAF02
                                                                                                              SHA1:DEBE92E8761F5320352DCFFE844FB25A10E9EA14
                                                                                                              SHA-256:284A8BBA438DA22A1B4F497B0B4ED1D9886184859527B87FF7350C83F198AB2D
                                                                                                              SHA-512:2A0FBEF3114B54EDB400D913D317A5097801834BEE0FB536B0FF645DD1CA40A1451945AD563119A5BA80F26B51CDA8B23E93BE71D7C82723AFEDE3CBF1DA00C6
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ?????????????????????????????\'a1\'ec?};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt Calisto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?? ??};}{\f39\fbidi \fsw

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1041\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (440), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):34318
                                                                                                              Entropy (8bit):4.3825885013202255
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:4OTOo45ZyAYcou3LDnmUjMFsrHZmxqJOXhNCGYHre3iR7v:4OTOoMhYcRaOXJ6koIv
                                                                                                              MD5:7FCFBC308B0C42DCBD8365BA62BADA05
                                                                                                              SHA1:18A0F0E89B36818C94DE0AD795CC593D0E3E29A9
                                                                                                              SHA-256:01E7D24DD8E00B5C333E96D1BB83813E02E96F89AAD0C2F28F84551D28ABBBE2
                                                                                                              SHA-512:CD6F912A037E86D9E1982C73F0F8B3C4D5A9A6B5B108A7B89A46E6691E430A7CB55718DE9A0C05650BB194C8D4A2E309AD6221D638CFCA8E16AA5920881BA649
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".S0n0.0.0.0.0.0.0 ..0.0.0.0.0o0 .x.6.4. ..0.0.0.0.0.0.0n0.0.0.[a.h0W0f0D0~0Y0.0S0.0o0S0n0.0.0.0.0.0.0.0.0k0o0.0.0.0.0.0.0g0M0~0[0.0.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".S0n0.0.0.0.0.0.0 ..0.0.0.0.0o0 .I.A.6.4. ..0.0.0.0.0.0.0n0.0.0.[a.h0W0f0D0~0Y0.0S0.0o0S0n0.0.0.0.0.0.0.0.0k0o0.0.0.0.0.0.0g0M0~0[0.0.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1041\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):15704
                                                                                                              Entropy (8bit):5.929554826924656
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Cg0rjUfwtW1+/FuZhS5CSJk/lhAW5kEW1QKPnEtObMacxc8hjeyveCXPX:5hC7mS53JkNSW5kEW1LXci2jpvJ
                                                                                                              MD5:278FD7595B580A016705D00BE363612F
                                                                                                              SHA1:89A299A9ABECB624C3606267371B7C07B74B3B26
                                                                                                              SHA-256:B3ECD3AEA74D0D97539C4971C69F87C4B5FE478FC42A4A31F7E1593D1EBA073F
                                                                                                              SHA-512:838D23D35D8D042A208E8FA88487CD1C72DA48F336157D03B9549DD55C75DA60A83F6DD2B3107EB3E5A24F3FAD70AE1629ACC563371711117C3C3E299B59D838
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!........."...............................................@............@.......................................... ..h............&..X............................................................................................text...G...........................@..@.rsrc.... ... ... ..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1041\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                              Category:dropped
                                                                                                              Size (bytes):181054
                                                                                                              Entropy (8bit):4.962328655200384
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:7vykJ9MRJAwJjAXetBE1rRbe+KusGWqcJ2V:fJ
                                                                                                              MD5:89D66A0B94450729015D021BC8F859E9
                                                                                                              SHA1:C9AD4C7DCDAFEAD282DAA1C214E7A0EAB567FFD5
                                                                                                              SHA-256:6A1884515CC4378D732F681934658252A4B45D76CE7F53CF8650BE794CC8D390
                                                                                                              SHA-512:336A5B1CBF2F52DF5B151A564C8452826D253F9FC565C865D7BA37B91229996D9AE59603350BD5CD99352ED63D265D8578095560CB7DE67DA7E1AA2135FBF0FB
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff38\deff0\stshfdbch13\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}..{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ??????????????????????????????\'a8\'ac};}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt Calisto MT};}{\f38\fbidi \fswiss\fcharset0\f

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1042\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (439), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):32962
                                                                                                              Entropy (8bit):4.366055142656104
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:4cdsW0fwUrh+UgYUDQhGAtPN/2JWCTJSIQvPaLWL2C4oH/Drv:4cdszvrBgYUDQhF5N7IJSIQvkQfLH/Pv
                                                                                                              MD5:71DFD70AE141F1D5C1366CB661B354B2
                                                                                                              SHA1:C4B22590E6F6DD5D39E5158B831AE217CE17A776
                                                                                                              SHA-256:CCCDA55294AEB4AF166A8C0449BCA2189DDF5AA9A43D5E939DD3803E61738331
                                                                                                              SHA-512:5000D62F3DE41C3FB0ED8A8E9C37DBF4EB427C4F1E3AD3823D4716C6FE62250BAC11B7987A302B8A45D91AABCF332457F7AFF7D99F15EDEFFE540639E9440E8A
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".t. .$.X. ...\.....D. .....X.$.t. .x.6.4. ......t. .D..i..... .t. ......... .$.X.`. ... ........"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".t. .$.X. ...\.....D. .....X.$.t. .I.A.6.4. ......t. .D..i..... .t. ......... .$.X.`. ... ........"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".t. ..... ........... .M.i.c.r.o.s.o.f.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1042\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):15192
                                                                                                              Entropy (8bit):5.9622226182057325
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Hpix6f+jYxzekdPKNS0N7gVCAMWpCeWRQKPnEtObMacxc8hjeyveCXmo+:3ibMj0lgRMWpCeWRLXci2jpv8o+
                                                                                                              MD5:FCFD69EC15A6897A940B0435439BF5FC
                                                                                                              SHA1:6DE41CABDB45294819FC003560F9A2D1E3DB9A7B
                                                                                                              SHA-256:90F377815E3C81FC9AE5F5B277257B82811417CA3FFEACD73BAB530061B3BE45
                                                                                                              SHA-512:4DC3580B372CEE1F4C01569BAEA8CD0A92BC613648DB22FF1855920E47387A151964B295A1126597B44BB0C596E8757B1FCF47CDA010F9BBB15A88F97F41B8BF
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!......... ...............................................@......v.....@.......................................... ...............$..X............................................................................................text...G...........................@..@.rsrc.... ... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1042\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                              Category:dropped
                                                                                                              Size (bytes):351492
                                                                                                              Entropy (8bit):4.844773730829239
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:bNK7z5n/OLs3+lAB4HeqyOOZjYCrv1MT2hhO0kN9okLgd80UKdF8K8Zb4ajD/y9m:bI79kaIDUhOhQAUiK/9/MjZr
                                                                                                              MD5:8203E9FC25A5720AFB8C43E8BE10C3B0
                                                                                                              SHA1:FC7D9B452B6D5475FD1EF61B78E8BC6E32F08974
                                                                                                              SHA-256:0EBD62213F41DFFA0BCD939BDC6ABC25096E95112C217FDF27CE661A19AD0866
                                                                                                              SHA-512:F95DCB9C25436AE322C240A0D0ABD9F4904A5AF313CAC5CB8C90C1A5460DAD8E983347AD7540C672046E4210945B053B75313BB6D10B44B2A0BF0024B400E81E
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch12\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe1042\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}..{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}{\f12\fbidi \froman\fcharset129\fprq2{\*\panose 02030600000101010101}Batang{\*\falt \'b9\'d9\'c5\'c1};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ??????????????????????????????\'a1\'a7};}{\f20\fbidi \froman\fcharset129\f

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1049\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (634), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):40428
                                                                                                              Entropy (8bit):4.232828720335164
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:4q0oG/2VrQa0inweNLvSli+CJA3aJW5cGUT3CT+v:DVFJl
                                                                                                              MD5:0EEB554D0B9F9FCDB22401E2532E9CD0
                                                                                                              SHA1:08799520B72A1EF92AC5B94A33509D1EDDF6CAF8
                                                                                                              SHA-256:BEEF0631C17A4FB1FF0B625C50C6CB6C8CE90A1AE62C5E60E14BF3D915AD509C
                                                                                                              SHA-512:2180E46A5A2EA1F59C879B729806CA02A232C66660F29C338C1FA7FBEE2AFA4B13D8777D1F7B63CF831EB42F3E55282D70AA8E53F40616B8A6E4D695C36E313D
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."...;.O. .M.B.>.9. .?.@.>.3.@.0.<.<.K. .C.A.B.0.=.>.2.:.8. .B.@.5.1.C.5.B.A.O. .?.;.0.B.D.>.@.<.0. .x.6.4... ...5. .=.5.;.L.7.O. .C.A.B.0.=.>.2.8.B.L. .=.0. .4.0.=.=.C.N. .?.;.0.B.D.>.@.<.C..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."...;.O. .M.B.>.9. .?.@.>.3.@.0.<.<.K. .C.A.B.0.=.>.2.:.8. .B.@.5.1.C.5.B.A.O. .?.;.0.B.D.>.@.<.0. .I.A.6.4... ...5. .=.5.;.L.7.O. .C.A.B.0.=.>.2.8.B.L. .=.0. .4.0.=.=.C.N. .?.;.0.B.D.>.@.<.C.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1049\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18264
                                                                                                              Entropy (8bit):5.548909804205606
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:eRBvnUfwVWBC623DV3SD1tt9WfXHT7nMsmxeW1QKPnEtObMacxc8hjeyveCXgFK1:e/C6+URiD1vwLoPeW1LXci2jpvaFHM
                                                                                                              MD5:7EF74AF6AB5760950A1D233C582099F1
                                                                                                              SHA1:BF79FF66346907446F4F95E1E785A03CA108EB5D
                                                                                                              SHA-256:658398F1B68D49ABD37FC3B438CD564992D4100ED2A0271CBF83173F33400928
                                                                                                              SHA-512:BBBB099AD24F41785706033962ACFC75039F583BEED40A7CDC8EDA366AB2C77F75A5B2792CF6AACB80B39B6B1BB84ECE372BE926FF3F51028FB404D2F6334D78
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........,...............................................P......O.....@.......................................... ...*...........0..X............................................................................................text...G...........................@..@.rsrc....0... ...*..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\1049\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                              Category:dropped
                                                                                                              Size (bytes):213363
                                                                                                              Entropy (8bit):4.934134633374225
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:D/fSz7yMsMyN1FyRtXSWS3SoSalsySMDS7SmSJ8SUSPsBa5IqDSySipSAS6ASGS+:pG
                                                                                                              MD5:5B95EFBC01DC97EE9A6C6F64A49AA62D
                                                                                                              SHA1:A99C984A0D5E316FE60D588A3519F2D5C805C1DE
                                                                                                              SHA-256:0CFACFF2B63121AD1D71376E4A3799B93B7E6D278209FE4806CCA0F74830CFC1
                                                                                                              SHA-512:A0B19864E68945A74BCE24C8D5EB0050ABB66C6FF6A53D0482FFA70E93EEE2957608BB9BDE535718D56CD5D7509B4DD7A1786C99BC2120344293234B7A6C2A3B
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}..{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ???????????????????????????????};}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt Calisto MT};}{\f38\fbidi \fswiss\fcharset0\fprq2{\*\p

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\2052\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (390), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):31138
                                                                                                              Entropy (8bit):4.240036868712424
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:4Qn7cJwYTzOnyquEWTOAXUewfMcqQJywXk83GJPupIoxnb/2v:4Qn7cJxTC/uEWTfXUewiQJyoknJY9b+v
                                                                                                              MD5:52B1DC12CE4153AA759FB3BBE04D01FC
                                                                                                              SHA1:BF21F8591C473D1FCE68A9FAF1E5942F486F6EBA
                                                                                                              SHA-256:D1735C8CFD8E10BA019D70818C19FA865E7C72F30AB6421A3748408F85FB96C3
                                                                                                              SHA-512:418903AE9A7BAEBF73D055E4774FF1917FBAAB9EE7ED8C120C34BB10E7303F6DD7B7DAE701596D4626387A30AE1B4D329A9AF49B8718B360E2FF619C56C19623
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".dk.[..z.^..Bl.O(u .x.6.4. .s^.S.0.N..(Wdks^.S.N.[.dk.z.^.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".dk.[..z.^..Bl.O(u .I.A.6.4. .s^.S.0.N..(Wdks^.S.N.[.dk.z.^.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".dk.d\O.|.~.N/e.c .M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.0. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e..0"./.>..... . . . . . .<.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\2052\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14168
                                                                                                              Entropy (8bit):6.010838262457833
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:rsLnUfwVWtTXjuQShyjK7tWUEW5IQKPnEtObMacxc8hjeyveCXMOV:4eCTFhMKZWUEW5ILXci2jpvP
                                                                                                              MD5:407CDB7E1C2C862B486CDE45F863AE6E
                                                                                                              SHA1:308AEEBEB1E1663ACA26CE880191F936D0E4E683
                                                                                                              SHA-256:9DD9D76B4EF71188B09F3D074CD98B2DE6EA741530E4EA19D539AE3F870E8326
                                                                                                              SHA-512:7B4F43FC24EB30C234F2713C493B3C13928C591C77A3017E8DD806A41CCFEDD53B0F748B5072052F8F9AC43236E8320B19D708903E3F06C59C6ED3C12722494E
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................@.......y....@.......................................... ............... ..X............................................................................................text...G...........................@..@.rsrc.... ... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\2052\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                              Category:dropped
                                                                                                              Size (bytes):225202
                                                                                                              Entropy (8bit):4.985888615397263
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:0pvaMOA6EOEGJA7JDnbyiBTmAO3FQ31Rdz5Zq3Kho:6v+Ez0
                                                                                                              MD5:6E5BDDF58163B11C79577B35A87A4424
                                                                                                              SHA1:8AAA1008360F7B255A6A88AD02D3A00DEB8B0AE6
                                                                                                              SHA-256:D4A26E3756437CA8BA132AE3A73AA7A829478A847D6B9AB69A8090515CE9A60A
                                                                                                              SHA-512:21DD9D754C0A3A383F20259E87AA4769D6ECB36753039DCE8B644E16E0ABC3C94B4B850648E0369474C914655140E7F3CC3E808ED27E70892A863F61F8588C6E
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch31505\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ??????????????????????????\'a1\'a7????};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt Calisto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?? ??};}{\f39\fbidi

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\3082\LocalizedData.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (616), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):40912
                                                                                                              Entropy (8bit):3.5296334743141515
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:4fgA4Ukd+uYW1HCD1GO/tja2QDu7Jr++dP8z3AzOrv:tUZW1iDDdWCJi8Pg32Y
                                                                                                              MD5:5397A12D466D55D566B4209E0E4F92D3
                                                                                                              SHA1:FCFFD8961FB487995543FC173521FDF5DF6E243B
                                                                                                              SHA-256:F124D318138FF084B6484DEB354CCA0F72296E1341BF01169792B3E060C89E89
                                                                                                              SHA-512:7708F5A2AD3E4C90C4C216600435AF87A1557F60CAF880A3DD9B5F482E17399AF9F0B9DE03FF1DBDD210583E0FEC5B466E35794AC24D6D37F9BBC094E52FC77B
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".E.s.t.e. .p.r.o.g.r.a.m.a. .d.e. .i.n.s.t.a.l.a.c.i...n. .r.e.q.u.i.e.r.e. .u.n.a. .p.l.a.t.a.f.o.r.m.a. .x.6.4... .N.o. .s.e. .p.u.e.d.e. .i.n.s.t.a.l.a.r. .e.n. .e.s.t.a. .p.l.a.t.a.f.o.r.m.a..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".E.s.t.e. .p.r.o.g.r.a.m.a. .d.e. .i.n.s.t.a.l.a.c.i...n. .r.e.q.u.i.e.r.e. .u.n.a. .p.l.a.t.a.f.o.r.m.a. .I.A.6.4... .N.o. .s.e. .p.u.e.d.e. .i.n.s.t.a.l.a.r. .e.n. .e.s.t.a. .p.l.a.t.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\3082\SetupResources.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18776
                                                                                                              Entropy (8bit):5.182140892959793
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ZikgnUfwVWVCe8b1S2U85ZTYG1lmW+eWaQKPnEtObMacxc8hjXHUz1TrOYL18:Zlv6Lbg2zZTf1lmW+eWaLXci2jXHUx8
                                                                                                              MD5:B057315A8C04DF29B7E4FD2B257B75F4
                                                                                                              SHA1:D674D066DF8D1041599FCBDB3BA113600C67AE93
                                                                                                              SHA-256:51B174AE7EE02D8E84C152D812E35F140A61814F3AECD64E0514C3950060E9FE
                                                                                                              SHA-512:F1CD510182DE7BBF8D45068D1B3F72DE58C7B419EFC9768765DF6C180AB3E2D94F3C058143095A66C05BCB70B589D1A5061E5FEE566282E5DB49FFBDEA3C672F
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l..............{%......{".....Rich............................PE..L......K.........."!.........................................................P............@.......................................... .. *...........2..X............................................................................................text...G...........................@..@.rsrc....0... ...,..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\3082\eula.rtf

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                                              Category:dropped
                                                                                                              Size (bytes):152458
                                                                                                              Entropy (8bit):5.013297113523102
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:4zkouwFDNSMUYugRJA8J/snalBEm0OgKXIJR10GZybh2U:4zDNIYt
                                                                                                              MD5:A920D4F55EAE5FEBAB1082AB2BCC2439
                                                                                                              SHA1:CBD631427871B620E9C95417788BFCDD1CD0A2A5
                                                                                                              SHA-256:2FFF2122C4D176E074365775227D4208AF48F2F921BE7623EDC315CD345ACF0B
                                                                                                              SHA-512:28135FBD9D940F0DEEC7A059AB2998B034575CC5D6DD31B1BE501B60689860478B0A0AB5183C69B2ACBBB9C1A074BBAA215960B3FACC6A9A3B0170E27E7B2B47
                                                                                                              Malicious:false
                                                                                                              Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe2052\themelangcs1025{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt ?l?r ???fc};}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New{\*\falt Arial};}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol{\*\falt Times};}..{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings{\*\falt Symbol};}{\f11\fbidi \fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}MS Mincho{\*\falt ?l?r ??\'81\'66c};}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}SimSun{\*\falt ????????????????????????????\'a8\'ac??};}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math{\*\falt Calisto MT};}..{\f38\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma{\*\falt ?? ??};}{\f39\fbidi \fsw

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\DHtmlHeader.html

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16118
                                                                                                              Entropy (8bit):3.6434775915277604
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjT:fdsOT01KcBUFJFEWUxFzvHH
                                                                                                              MD5:CD131D41791A543CC6F6ED1EA5BD257C
                                                                                                              SHA1:F42A2708A0B42A13530D26515274D1FCDBFE8490
                                                                                                              SHA-256:E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB
                                                                                                              SHA-512:A6EE9AF8F8C2C7ACD58DD3C42B8D70C55202B382FFC5A93772AF7BF7D7740C1162BB6D38A4307B1802294A18EB52032D410E128072AF7D4F9D54F415BE020C9A
                                                                                                              Malicious:false
                                                                                                              Preview:..<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C././.D.T.D. .X.H.T.M.L. .1...1././.E.N.". .".h.t.t.p.:././.w.w.w...w.3...o.r.g./.T.R./.x.h.t.m.l.1.1./.D.T.D./.x.h.t.m.l.1.1...d.t.d.".>.....<.!.-.-. .T.h.e. .E.x.t.e.n.d.e.d. .C.o.p.y.r.i.g.h.t./.T.r.a.d.e.m.a.r.k. .L.a.n.g.u.a.g.e. .R.e.s.i.d.e.s. .A.t.:. .h.t.t.p.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.i.n.f.o./.c.p.y.r.t.I.n.f.r.g...h.t.m. .-.-.>.....<.h.t.m.l. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.x.h.t.m.l.".>.....<.h.e.a.d.>.......<.m.e.t.a. .h.t.t.p.-.e.q.u.i.v.=.".C.o.n.t.e.n.t.-.T.y.p.e.". .c.o.n.t.e.n.t.=.".t.e.x.t./.h.t.m.l.;. .c.h.a.r.s.e.t.=.u.t.f.-.1.6."./.>.<.b.a.s.e. .t.a.r.g.e.t.=."._.b.l.a.n.k."./.>.......<.s.t.y.l.e. .t.y.p.e.=.".t.e.x.t./.c.s.s.".>.........h.t.m.l.{.o.v.e.r.f.l.o.w.:.s.c.r.o.l.l.}.........b.o.d.y.{.f.o.n.t.-.s.i.z.e.:.1.0.p.t.;.f.o.n.t.-.f.a.m.i.l.y.:.V.e.r.d.a.n.a.;.c.o.l.o.r.:.#.0.0.0.0.0.0.;.b.a.c.k.g.r.o.u.n.d.-.c.o.l.o.r.:.#.F.0.F.0.F.0.}...........h.e.a.d.e.r.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\DisplayIcon.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 13 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):88533
                                                                                                              Entropy (8bit):7.210526848639953
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:xWayqxMQP8ZOs0JOG58d8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEdb:e/gB4H8vo2no0/aX7C7Dct
                                                                                                              MD5:F9657D290048E169FFABBBB9C7412BE0
                                                                                                              SHA1:E45531D559C38825FBDE6F25A82A638184130754
                                                                                                              SHA-256:B74AD253B9B8F9FCADE725336509143828EE739CC2B24782BE3ECFF26F229160
                                                                                                              SHA-512:8B93E898148EB8A751BC5E4135EFB36E3AC65AF34EAAC4EA401F1236A2973F003F84B5CFD1BBEE5E43208491AA1B63C428B64E52F7591D79329B474361547268
                                                                                                              Malicious:false
                                                                                                              Preview:..............(...............h...............h...f... .............. .............. ..........^...00......h....#..00..........n)..00...........8........ .h....T.. .... .....&Y..00.... ..%...i........ ._...v...(....... ....................................................................................................w......x......................x..ww...........h...............................w.....w.x..........x................xwvwg.................................................................(....... ...................................jO:.mS?.qWD.v\I.|cP..kX..q_..sa..yg..{j...p..nh..pj..uo..|u..xq..|r..|u..rx..zy..|w.}.y...q...d...y...{......S...]..d..i..r..|...j..j...y...e...k...l..q...y...~...v...y..s..s..m...m...l...n...k...t...l.............................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Print.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1150
                                                                                                              Entropy (8bit):4.923507556620034
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:dOjNyw2aSGZHJi4U7Wf0mDX+QF7s/AemFAh:MjNyw/0NW9DOp/ANC
                                                                                                              MD5:7E55DDC6D611176E697D01C90A1212CF
                                                                                                              SHA1:E2620DA05B8E4E2360DA579A7BE32C1B225DEB1B
                                                                                                              SHA-256:FF542E32330B123486797B410621E19EAFB39DF3997E14701AFA4C22096520ED
                                                                                                              SHA-512:283D381AA396820B7E15768B20099D67688DA1F6315EC9F7938C2FCC3167777502CDED0D1BEDDF015A34CC4E5D045BCB665FFD28BA2FBB6FAF50FDD38B31D16E
                                                                                                              Malicious:false
                                                                                                              Preview:............ .h.......(....... ..... .....@.........................................................................................t?.fR.|bN.y_K.v\H.rXD.oUA.kQ=.hN:.eK7.cI5.cI5.cI5i.........th<..z............................................cI5.cI5...................................................qXE.cI5.cI5.......~.............................................}eS.kR>.cI5......................................................q`.w^L.cI5..............................z..~n..sb..jX.{bP.t[H..~m..kY.nT@.......................................................{..wf.zaM.......vO.......................q..r`.}cQ.w]J..lZ.......t.x^J...........}Z..................................z`M........{aM...............0..............................jY.{aO...........................................................x^K.x^Kk.....................................................n\.y_L...........................r...............................y_L.x^K&.........................s.............

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Rotate1.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):894
                                                                                                              Entropy (8bit):2.5118974066097444
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:kRKqNllGuv/ll2dL/rK//dlQt0tlWMlMN8Fq/wbD4tNZDlNc367YCm6p+Wvtjlpr:pIGOmDAQt8n+uNbctNZ5w6AsXjKHRp5c
                                                                                                              MD5:26A00597735C5F504CF8B3E7E9A7A4C1
                                                                                                              SHA1:D913CB26128D5CA1E1AC3DAB782DE363C9B89934
                                                                                                              SHA-256:37026C4EA2182D7908B3CF0CEF8A6F72BDDCA5F1CFBC702F35B569AD689CF0AF
                                                                                                              SHA-512:08CEFC5A2B625F261668F70CC9E1536DC4878D332792C751884526E49E7FEE1ECFA6FCCFDDF7BE80910393421CC088C0FD0B0C27C7A7EFF2AE03719E06022FDF
                                                                                                              Malicious:false
                                                                                                              Preview:..............h.......(....... .......................................................................................................................................................................................t.r........................................p.nn.l|.z..........................................g.e.......................................................................................P.N..........................................P.OG.FP.O..........................................?.>...................................................................................................+.*..........................................3.2%.$+.*..........................................!. ............{.{.............................................................................................~.~..................................G.......................................G..........

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Rotate2.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):894
                                                                                                              Entropy (8bit):2.5178766234336925
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:pmZX5+9wQaxWbwW3h/7eHzemn0iLHRp5c:Md5EaxWbh/Cnt4
                                                                                                              MD5:8419CAA81F2377E09B7F2F6218E505AE
                                                                                                              SHA1:2CF5AD8C8DA4F1A38AAB433673F4DDDC7AE380E9
                                                                                                              SHA-256:DB89D8A45C369303C04988322B2774D2C7888DA5250B4DAB2846DEEF58A7DE22
                                                                                                              SHA-512:74E504D2C3A8E82925110B7CFB45FDE8A4E6DF53A188E47CF22D664CBB805EBA749D2DB23456FC43A86E57C810BC3D9166E7C72468FBD736DA6A776F8CA015D1
                                                                                                              Malicious:false
                                                                                                              Preview:..............h.......(....... ...............................................................................................................................................................................................................................................................................................................................................................................r.p..........................................q.oj.hq.o..........................................b.`...................................................................................................J.I..................|.|...y.y...............Q.PC.BF.E..........................................>.=.........".!..........................................2.1".!'.&..........................................".!.....................................G.......................................G..........

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Rotate3.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):894
                                                                                                              Entropy (8bit):2.5189797450574103
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:pPrMIMxPWk3AyORrabBQ+gra2/MXWM4xfQHRp5c:1gxPbXlBQ+gr1ffO4
                                                                                                              MD5:924FD539523541D42DAD43290E6C0DB5
                                                                                                              SHA1:19A161531A2C9DBC443B0F41B97CBDE7375B8983
                                                                                                              SHA-256:02A7FE932029C6FA24D1C7CC06D08A27E84F43A0CBC47B7C43CAC59424B3D1F6
                                                                                                              SHA-512:86A4C5D981370EFA20183CC4A52C221467692E91539AC38C8DEF1CC200140F6F3D9412B6E62FAF08CA6668DF401D8B842C61B1F3C2A4C4570F3B2CEC79C9EE8B
                                                                                                              Malicious:false
                                                                                                              Preview:..............h.......(....... .................................................................................................................................................................................................................................................................................................................................................................................................................z.z...{.{...........................................................................................................................................................s.q..........................................y.wl.jl.j...............3.2#."*.)..................f.d.........E.D.........(.'..............................U.TE.DF.E..........................................E.D.....................................G.......................................G..........

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Rotate4.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):894
                                                                                                              Entropy (8bit):2.5119705312617957
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:kRK///FleTxml+SzNaoT9Q0/lHOmMdrYln8OUo/XRWl2XOXFBYpqnHp/p5c:p///FPwxUrMunUofRReFNHRp5c
                                                                                                              MD5:BB55B5086A9DA3097FB216C065D15709
                                                                                                              SHA1:1206C708BD08231961F17DA3D604A8956ADDCCFE
                                                                                                              SHA-256:8D82FF7970C9A67DA8134686560FE3A6C986A160CED9D1CC1392F2BA75C698AB
                                                                                                              SHA-512:DE9226064680DA6696976A4A320E08C41F73D127FBB81BF142048996DF6206DDB1C2FE347C483CC8E0E50A00DAB33DB9261D03F1CD7CA757F5CA7BB84865FCA9
                                                                                                              Malicious:false
                                                                                                              Preview:..............h.......(....... .............................................................................................................................................................................................................y.y...|.|.............................................................................................................................................................................................................................................,.+".!,.+.........................................(.'......................................................................................=.<..........................................S.RC.BG.F.............................j.h.........H.G..............................y.wj.hi.g..........................................j.h.....................................G.......................................G..........

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Rotate5.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):894
                                                                                                              Entropy (8bit):2.5083713071878764
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:kRKi+Blqkl/QThulVDYa5a//ItEl/aotzauakg//5aM1lkl05Kaag2/JqnHp/p5c:pXBHehqSayIylrtBg/bk4AgzHRp5c
                                                                                                              MD5:3B4861F93B465D724C60670B64FCCFCF
                                                                                                              SHA1:C672D63C62E00E24FBB40DA96A0CC45B7C5EF7F0
                                                                                                              SHA-256:7237051D9AF5DB972A1FECF0B35CD8E9021471740782B0DBF60D3801DC9F5F75
                                                                                                              SHA-512:2E798B0C9E80F639571525F39C2F50838D5244EEDA29B18A1FAE6C15D939D5C8CD29F6785D234B54BDA843A645D1A95C7339707991A81946B51F7E8D5ED40D2C
                                                                                                              Malicious:false
                                                                                                              Preview:..............h.......(....... .................................................................................................{.{...~.~.......................................................................................}.}.........................................................).(#."2.1..........................................).(...................................................................................................=.<..........................................N.ME.DN.M..........................................M.L.......................................................................................e.c..........................................z.xl.jm.k........................................r.p........................................................................................................................G.......................................G..........

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Rotate6.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):894
                                                                                                              Entropy (8bit):2.5043420982993396
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:pjs+/hlRwx5REHevtOkslTaGWOpRFkpRHkCHRp5c:tZ/u+HeilBh/F+Rd4
                                                                                                              MD5:70006BF18A39D258012875AEFB92A3D1
                                                                                                              SHA1:B47788F3F8C5C305982EB1D0E91C675EE02C7BEB
                                                                                                              SHA-256:19ABCEDF93D790E19FB3379CB3B46371D3CBFF48FE7E63F4FDCC2AC23A9943E4
                                                                                                              SHA-512:97FDBDD6EFADBFB08161D8546299952470228A042BD2090CD49896BC31CCB7C73DAB8F9DE50CDAF6459F7F5C14206AF7B90016DEEB1220943D61C7324541FE2C
                                                                                                              Malicious:false
                                                                                                              Preview:..............h.......(....... .................................................................................................... ............................................$.$ ..0./...........................{.{............ ...........<.;..........................................C.BA.@O.N...............{.{...~.~..................G.F..................................................................................................._.]..........................................n.lg.en.l..........................................p.n...............................................................................................................................................................................................................................................................................................................G.......................................G..........

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Rotate7.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):894
                                                                                                              Entropy (8bit):2.4948009720290445
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:kRKIekllisUriJ2IP+eX8iDml8mS8+hlxllwqlllkg2klHYdpqnHp/p5c:p8os0iieX8iNVHX//x2sHYdoHRp5c
                                                                                                              MD5:FB4DFEBE83F554FAF1A5CEC033A804D9
                                                                                                              SHA1:6C9E509A5D1D1B8D495BBC8F57387E1E7E193333
                                                                                                              SHA-256:4F46A9896DE23A92D2B5F963BCFB3237C3E85DA05B8F7660641B3D1D5AFAAE6F
                                                                                                              SHA-512:3CAEB21177685B9054B64DEC997371C4193458FF8607BCE67E4FBE72C4AF0E6808D344DD0D59D3D0F5CE00E4C2B8A4FFCA0F7D9352B0014B9259D76D7F03D404
                                                                                                              Malicious:false
                                                                                                              Preview:..............h.......(....... ....................................................................................................G.F..........................................H.GG.FX.V..............................).(.........G.F.........i.g..................+.*%.$5.4...............n.ln.l{.y.................. .......................u.s............................................................................................................................................................~.~...~.~.................................................................................................................................................................................................................................................................................................................................................G.......................................G..........

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Rotate8.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):894
                                                                                                              Entropy (8bit):2.513882730304912
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:pPv1OuTerb53mpOBfXjQuZfKWpIXE1D6HRp5c:91OEerb53eUQsflpIP4
                                                                                                              MD5:D1C53003264DCE4EFFAF462C807E2D96
                                                                                                              SHA1:92562AD5876A5D0CB35E2D6736B635CB5F5A91D9
                                                                                                              SHA-256:5FB03593071A99C7B3803FE8424520B8B548B031D02F2A86E8F5412AC519723C
                                                                                                              SHA-512:C34F8C05A50DC0DE644D1F9D97696CDB0A1961C7C7E412EB3DF2FD57BBD34199CF802962CA6A4B5445A317D9C7875E86E8E62F6C1DF8CC3415AFC0BD26E285BD
                                                                                                              Malicious:false
                                                                                                              Preview:..............h.......(....... ....................................................................................................g.e..........................................g.eg.ew.u..............................F.E.........g.e..............................E.DA.@P.O..........................................:.9......................................................................................&.%.........................................+.* ..+.*..................................................................................................................................................{.{.......................................................................................~.~...{.{..............................................................................................................................................G.......................................G..........

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Save.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1150
                                                                                                              Entropy (8bit):4.824239610266714
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:Br5ckw0Pce/WPv42lPpJ2/BatY9Y4ollEKeKzn:h6kPccWPQS2UtEYFEKeu
                                                                                                              MD5:7D62E82D960A938C98DA02B1D5201BD5
                                                                                                              SHA1:194E96B0440BF8631887E5E9D3CC485F8E90FBF5
                                                                                                              SHA-256:AE041C8764F56FD89277B34982145D16FC59A4754D261C861B19371C3271C6E5
                                                                                                              SHA-512:AB06B2605F0C1F6B71EF69563C0C977D06C6EA84D58EF7F2BAECBA566D6037D1458C2B58E6BFD70DDEF47DCCBDEA6D9C2F2E46DEA67EA9E92457F754D7042F67
                                                                                                              Malicious:false
                                                                                                              Preview:............ .h.......(....... ..... .....@........................................................................................klT.de..UV..RS..OP..MM..JJ..GG..DD..AA.x;<.x;<.r99.n67..........kl......D$.G2!...............VMH..>3..=6..91.r99..........op.........q[K.G<4..xh...........s..A5..B<..=5.x;<..........uv...........q[K.....G<4..........tg..KC..ID..B<.}>>..........{|.............q[K.q[K.q[K.q[K.vbR.}j[..VT..OL..ID..AA...............................yz..qr..kl..]\..VT..PL..DD.....................c`..^V..XK..R?..M4..G(..A...;...]\..VT..GG................fg.................................;...]\..JJ................mn..................................A...gg..MM................vw..................................G(..qr..OP..................................................M4..yz..RS..................................................R?.g33..UV....................................................XK..XY..XY..................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\Setup.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 12 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):36710
                                                                                                              Entropy (8bit):5.3785085024370805
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:IXcWz9GU46B4riEzg8CKcqxkk63gBh6wSphnBcI/ObMFp2rOebgcjTQcho:IMWQ2Bf8qqxMQP8pc4XessTJo
                                                                                                              MD5:3D25D679E0FF0B8C94273DCD8B07049D
                                                                                                              SHA1:A517FC5E96BC68A02A44093673EE7E076AD57308
                                                                                                              SHA-256:288E9AD8F0201E45BC187839F15ACA79D6B9F76A7D3C9274C80F5D4A4C219C0F
                                                                                                              SHA-512:3BDE668004CA7E28390862D0AE9903C756C16255BDBB3F7E73A5B093CE6A57A3165D6797B0A643B254493149231ACA7F7F03E0AF15A0CBE28AFF02F0071EC255
                                                                                                              Malicious:false
                                                                                                              Preview:..............(...............h...............h...V... .............. .............. ..........N...00......h...."..00..........^)..00...........8........ .h....T.. .... ......Y..00.... ..%...i..(....... ....................................................................................................w......x......................x..ww...........h...............................w.....w.x..........x................xwvwg.................................................................(....... ...................................jO:.mS?.qWD.v\I.|cP..kX..q_..sa..yg..{j...p..nh..pj..uo..|u..xq..|r..|u..rx..zy..|w.}.y...q...d...y...{......S...]..d..i..r..|...j..j...y...e...k...l..q...y...~...v...y..s..s..m...m...l...n...k...t...l..........................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\SysReqMet.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1150
                                                                                                              Entropy (8bit):5.038533294442847
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:MuoBP5lj49s9NRDe4LakKcTM8cv99uGzMN:MlFH3/Ri4LaN3q
                                                                                                              MD5:661CBD315E9B23BA1CA19EDAB978F478
                                                                                                              SHA1:605685C25D486C89F872296583E1DC2F20465A2B
                                                                                                              SHA-256:8BFC77C6D0F27F3D0625A884E0714698ACC0094A92ADCB6DE46990735AE8F14D
                                                                                                              SHA-512:802CC019F07FD3B78FCEFDC8404B3BEB5D17BFC31BDED90D42325A138762CC9F9EBFD1B170EC4BBCCCF9B99773BD6C8916F2C799C54B22FF6D5EDD9F388A67C6
                                                                                                              Malicious:false
                                                                                                              Preview:............ .h.......(....... ..... .....@..........................................M...........S...........................................q.......................z...................................;........q.c.P.K.|.}............C....................................;.!......................................................Ry,.*w..!.............-.........................................6b..8v................ .+.@............#....................4u..;a..............H.<.........=.C.............................&y..x.e.................$}......................................<.).........\.A............}..................................[.R.}.n.Z.C.y.Y.k.L............. q..............................t.s............r...k.........]{G..............................................y.`.z.h.a.N.e.P...............................................~.q._.J...............................8....................t.p..................?..................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\SysReqNotMet.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1150
                                                                                                              Entropy (8bit):5.854644771288791
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:u2iVNINssNQhYMEyfCHWZZ7rTRrbWjcyuE:uDW871fdZ1lbWjME
                                                                                                              MD5:EE2C05CC9D14C29F586D40EB90C610A9
                                                                                                              SHA1:E571D82E81BD61B8FE4C9ECD08869A07918AC00B
                                                                                                              SHA-256:3C9C71950857DDB82BAAB83ED70C496DEE8F20F3BC3216583DC1DDDA68AEFC73
                                                                                                              SHA-512:0F38FE9C97F2518186D5147D2C4A786B352FCECA234410A94CC9D120974FC4BE873E39956E10374DA6E8E546AEA5689E7FA0BEED025687547C430E6CEFFABFFB
                                                                                                              Malicious:false
                                                                                                              Preview:............ .h.......(....... ..... .....@....................................../..F..........!....n....d..................................;.............,+..AB..UV..XZ...1.....S......................U.....................EE..\[..rr......NP.....^..............<s.....................!.$)..AC..jj..ww..{{..57.....4........01.................H..........N?8;..[[..ba..`_..TU....L.......bj]^..QP.........:..........)N#&..>=..GG..HI..IJ..EE..!#......24..mm..hh..,.............+N........)(..*-.....{-...-,........ SPS..zy..qr....qq......0NCE..33..%%........ZJ...."$..0/../1....?qRU............W}..)A]^..rr..qq..Y[...._z........CE..RQ..AC....8`79.........SU..ab......||..ef....ey...........QZ[..ZZ..=?.....(...d....................pr.....H............IK..jj..fg..*,..........]_..................[y.......(..:VQS..{z..ut..ab....'H...........?................||..ef..jk..................$%d....................W....................................*,n.............................HI......................WY

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\stop.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):10134
                                                                                                              Entropy (8bit):6.016582854640062
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:uC1kqWje1S/f1AXa0w+2ZM4xD02EuZkULqcA0zjrpthQ2Ngms9+LmODclhpjdfLt:JkqAFqroMS9lD9Ngr9+m7bxpXHT5ToYR
                                                                                                              MD5:5DFA8D3ABCF4962D9EC41CFC7C0F75E3
                                                                                                              SHA1:4196B0878C6C66B6FA260AB765A0E79F7AEC0D24
                                                                                                              SHA-256:B499E1B21091B539D4906E45B6FDF490D5445256B72871AECE2F5B2562C11793
                                                                                                              SHA-512:69A13D4348384F134BA93C9A846C6760B342E3A7A2E9DF9C7062088105AC0B77B8A524F179EFB1724C0CE168E01BA8BB46F2D6FAE39CABE32CAB9A34FC293E4A
                                                                                                              Malicious:false
                                                                                                              Preview:...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@......................................................................................................wwx...........w....w.........x....x.........x.y.......................p..............x.........q.......p.........q.................xy...........q.......................p.............y..................x.y..............y.y.............yyy.........S........x..........yy.............x.yyyx......................Q.8.........x..............y....qy.p...y.....x.....p........y....9.....y....yy..yx.......y..yyyw..p.....y.yyyyy................x.p........y.yy..........x...x............x.................wwx.....................?...................................................................................................?............(....... ..................................................................................................ww.....w..........xx..x........x....p........xy

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Graphics\warn.ico

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):10134
                                                                                                              Entropy (8bit):4.3821301214809045
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:USAk9ODMuYKFfmiMyT4dvsZQl+g8DnPUmXtDV3EgTtc:r9wM7pyEBlcgssmXpVUgJc
                                                                                                              MD5:B2B1D79591FCA103959806A4BF27D036
                                                                                                              SHA1:481FD13A0B58299C41B3E705CB085C533038CAF5
                                                                                                              SHA-256:FE4D06C318701BF0842D4B87D1BAD284C553BAF7A40987A7451338099D840A11
                                                                                                              SHA-512:5FE232415A39E0055ABB5250B120CCDCD565AB102AA602A3083D4A4705AC6775D45E1EF0C2B787B3252232E9D4673FC3A77AAB19EC79A3FF8B13C4D7094530D2
                                                                                                              Malicious:false
                                                                                                              Preview:...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@................................................................................................................................................................wwwww.....wwww...................3333333333338...{....3s.....x...{....0G;.............0.;...7.........33....8.....{...33..............0....7...............8.......{....;.............0.;.............0...8...........4...............wu;.............ww;.............ww;?...........;ww;.............7w................................8.............{...................................................................................................................................................................?...?..................................................?...?.........(....... ........................................................................................................333333;...............8.........;........

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\ParameterInfo.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (314), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8968
                                                                                                              Entropy (8bit):3.5907064103424333
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:gCwdBdVv3CL021BqG2ahBCw2G2X2BCEj2G2KQ6G2nCw+KFl:kRPGiGPKGPGYCrKFl
                                                                                                              MD5:66590F13F4C9BA563A9180BDF25A5B80
                                                                                                              SHA1:D6D9146FAEEC7824B8A09DD6978E5921CC151906
                                                                                                              SHA-256:BF787B8C697CE418F9D4C07260F56D1145CA70DB1CC4B1321D37840837621E8F
                                                                                                              SHA-512:ABA67C66C2F3D9B3C9D71D64511895F15F696BE8BE0EEDD2D6908E1203C4B0CF318B366F9F3CD9C3B3B8C0770462F83E6EEA73E304C43F88D0CBEDF69E7C92B3
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .S.e.t.u.p.V.e.r.s.i.o.n.=.".1...0.".>..... . .<.U.I. .D.l.l.=.".S.e.t.u.p.U.i...d.l.l.". .N.a.m.e.=.".M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.0. . .x.8.6. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .S.e.t.u.p.". .V.e.r.s.i.o.n.=.".1.0...0...3.0.3.1.9.". ./.>..... . .<.C.o.n.f.i.g.u.r.a.t.i.o.n.>..... . . . .<.D.i.s.a.b.l.e.d.C.o.m.m.a.n.d.L.i.n.e.S.w.i.t.c.h.e.s.>..... . . . . . .<.C.o.m.m.a.n.d.L.i.n.e.S.w.i.t.c.h. .N.a.m.e.=.".c.r.e.a.t.e.l.a.y.o.u.t.". ./.>..... . . . .<./.D.i.s.a.b.l.e.d.C.o.m.m.a.n.d.L.i.n.e.S.w.i.t.c.h.e.s.>..... . . . .<.U.s.e.r.E.x.p.e.r.i.e.n.c.e.D.a.t.a.C.o.l.l.e.c.t.i.o.n. .P.o.l.i.c.y.=.".U.s.e.r.C.o.n.t.r.o.l.l.e.d.". ./.>..... . . . .

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):78152
                                                                                                              Entropy (8bit):6.011592088917562
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:sYNItbBL5NWiiESc0exWZnqxMQP8ZOs0JD9rHUq:sYNAB9NWTZctc/gBJ9oq
                                                                                                              MD5:006F8A615020A4A17F5E63801485DF46
                                                                                                              SHA1:78C82A80EBF9C8BF0C996DD8BC26087679F77FEA
                                                                                                              SHA-256:D273460AA4D42F0B5764383E2AB852AB9AF6FECB3ED866F1783869F2F155D8BE
                                                                                                              SHA-512:C603ED6F3611EB7049A43A190ED223445A9F7BD5651100A825917198B50C70011E950FA968D3019439AFA0A416752517B1C181EE9445E02DA3904F4E4B73CE76
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.................j.}.....].v.....h.w.....\.H...v.e.|.......B.....h.~.....Y.|.....].~.....m.~.....l.~.....k.~...Rich............PE..L......K.........."......f...........+............@..........................P............@...... ..................pu..x...Tp..<.......................H....@...... ................................(..@............................................text....e.......f.................. ..`.data................j..............@....rsrc................v..............@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\SetupEngine.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):807256
                                                                                                              Entropy (8bit):6.357664904941565
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:GS62nlYAqK/AitUgiuVQk/oifPNJIkjbSTzR8NmsBJj:GS62nlYAltBjPNJIkHST18QsBJ
                                                                                                              MD5:84C1DAF5F30FF99895ECAB3A55354BCF
                                                                                                              SHA1:7E25BA36BCC7DEED89F3C9568016DDB3156C9C5A
                                                                                                              SHA-256:7A0D281FA802D615EA1207BD2E9EBB98F3B74F9833BBA3CB964BA7C7E0FB67FD
                                                                                                              SHA-512:E4FB7E4D39F094463FDCDC4895AB2EA500EB51A32B6909CEC80A526BBF34D5C0EB98F47EE256C0F0865BF3169374937F047BF5C4D6762779C8CA3332B4103BE3
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................&......&.......R.....z.....O.....{......B...........O.....~.....J.....K.....L....Rich...........................PE..L......K.........."!................Y...............................................;.....@.....................................h....................:..X...............................................@............................................text............................... ..`.data...8...........................@....rsrc................f..............@..@.reloc...............p..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\SetupUi.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):295248
                                                                                                              Entropy (8bit):6.262127887617593
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:/LTVUK59JN+C0iy4Ww8oBcPFIOrvHvr8QDZHAAKWiIHT6llN1QkvQZaiionv5y/y:HOoMFrz8ygAKWiiIyKf73w
                                                                                                              MD5:EB881E3DDDC84B20BD92ABCEC444455F
                                                                                                              SHA1:E2C32B1C86D4F70E39DE65E9EBC4F361B24FF4A1
                                                                                                              SHA-256:11565D97287C01D22AD2E46C78D8A822FA3E6524561D4C02DFC87E8D346C44E7
                                                                                                              SHA-512:5750CEC73B36A3F19BFB055F880F3B6498A7AE589017333F6272D26F1C72C6F475A3308826268A098372BBB096B43FBD1E06E93EECC0A81046668228BC179A75
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............I...I...I..bI...I..WI...I..cI..I..ZI...I...IG..I..WI...I..fI...I..RI...I..SI...I..TI...IRich...I................PE..L......K.........."!................................................................yq....@..........................................P...............j..P....`..0?..................................`z..@............................................text............................... ..`.data....Q.......4..................@....rsrc........P......................@..@.reloc...T...`...V..................@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\SetupUi.xsd

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines (335), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):30120
                                                                                                              Entropy (8bit):4.990211039591874
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:hlzLm8eYhsPs05F8/ET/chT+cxcW8G2P4oeTMC:1wchT+cxcDm
                                                                                                              MD5:2FADD9E618EFF8175F2A6E8B95C0CACC
                                                                                                              SHA1:9AB1710A217D15B192188B19467932D947B0A4F8
                                                                                                              SHA-256:222211E8F512EDF97D78BC93E1F271C922D5E91FA899E092B4A096776A704093
                                                                                                              SHA-512:A3A934A8572FF9208D38CF381649BD83DE227C44B735489FD2A9DC5A636EAD9BB62459C9460EE53F61F0587A494877CD3A3C2611997BE563F3137F8236FFC4CA
                                                                                                              Malicious:false
                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui".. xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui".. targetNamespace="http://schemas.microsoft.com/SetupUI/2008/01/imui".. elementFormDefault="qualified"..attributeFormDefault="unqualified"..>.... <xs:annotation>.. <xs:documentation>.. Copyright (c) Microsoft Corporation. All rights reserved... Schema for describing DevDiv "Setup UI Info".. </xs:documentation>.. </xs:annotation>.... <xs:element name="SetupUI">.. <xs:annotation>.. <xs:documentation>specifies UI dll, and lists of MSIs MSPs and EXEs</xs:documentation>.. </xs:annotation>.. <xs:complexType>.. <xs:sequence>.. <xs:choice>.. <xs:element ref="UI" minOccurs="1" maxOccurs="1"></xs:element>.. <xs:element ref="Strings" minOccurs="1" maxOccurs="1"></xs:element>..

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\SplashScreen.bmp

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 200 x 200 x 8, image size 40000, resolution 3779 x 3779 px/m, cbSize 41078, bits offset 1078
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41078
                                                                                                              Entropy (8bit):0.3169962482036715
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:SgrNa0EfB4elU+jB+rQXJH4+Cs77hIfVHCv4ToqIzgPc8wcKHL+3:3pa0e4YjB5vAHk4E7zgPcDc53
                                                                                                              MD5:43B254D97B4FB6F9974AD3F935762C55
                                                                                                              SHA1:F94D150C94064893DAED0E5BBD348998CA9D4E62
                                                                                                              SHA-256:91A21EBA9F5E1674919EE3B36EFA99714CFB919491423D888CB56C0F25845969
                                                                                                              SHA-512:46527C88F0AED25D89833B9BE280F5E25FFCEAE6BC0653054C8B6D8EBE34EBA58818A0A02A72BD29279310186AC26D522BBF34191FBDE279A269FC9DA5840ACC
                                                                                                              Malicious:false
                                                                                                              Preview:BMv.......6...(...................@.......................{7...>...h?..D...N...K..........xE..._#..q..T...X...Q...[..._...c...j....>.!....f...v...r...."..v....0....... ..........4..I.........[...}..............j.............................................................................................................i......................@>1.......................................................o...u...u...z...z...~............................................................................................................................................................................{...~.................................................................................................................yw`......................................................................................................................................................//'...........................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\Strings.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14246
                                                                                                              Entropy (8bit):3.70170676934679
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:VAZo71GHY3vqaqMnYfHHVXIHjfBHwnwXCa+F:VAB
                                                                                                              MD5:332ADF643747297B9BFA9527EAEFE084
                                                                                                              SHA1:670F933D778ECA39938A515A39106551185205E9
                                                                                                              SHA-256:E49545FEEAE22198728AD04236E31E02035AF7CC4D68E10CBECFFD08669CBECA
                                                                                                              SHA-512:BEA95CE35C4C37B4B2E36CC1E81FC297CC4A8E17B93F10423A02B015DDB593064541B5EB7003560FBEEE512ED52869A113A6FB439C1133AF01F884A0DB0344B0
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p.U.I. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". ..... . . . . . . . . .x.m.l.n.s.:.i.m.u.i.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". .>..... . .<.S.t.r.i.n.g.s.>..... . . . .<.!.-.-. .R.e.f.l.e.c.t.i.v.e. .p.r.o.p.e.r.t.y. .p.a.g.e. .-.-.>..... . . . .<.I.D.S._.C.A.P.T.I.O.N._.F.O.R.M.A.T._.1.S.>.#.(.l.o.c...i.d.s._.c.a.p.t.i.o.n._.f.o.r.m.a.t._.1.s.).<./.I.D.S._.C.A.P.T.I.O.N._.F.O.R.M.A.T._.1.S.>..... . . . .<.I.D.S._.I.S._.R.E.A.L.L.Y._.C.A.N.C.E.L.>.#.(.l.o.c...i.d.s._.i.s._.r.e.a.l.l.y._.c.a.n.c.e.l.).<./.I.D.S._.I.S._.R.E.A.L.L.Y._.C.A.N.C.E.L.>......... . . . .<.!.-.-. .S.y.s.t.e.m. .R.e.q.u.i.r.e.m.e.n.t.s. .p.a.g.e. .-.-.>..... . . . .<.S.Y.S.R.E.Q.P.A.G.E._.R.E.Q.U.I.R.E.D._.A.N.D._.A.V.A.I.L.A.B.L.E._.D.I.S.K._.S.P.A.C.E.>.#.(.l.o.c...s.y.s.r.e.q.

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\UiInfo.xml

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):36342
                                                                                                              Entropy (8bit):3.0937266645670003
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:S4UR0d5v0SguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcOdOjT5fuPkfuS:S4UR0d5v0QYQLIN/6Fmhvk71sO0Nep3q
                                                                                                              MD5:812F8D2E53F076366FA3A214BB4CF558
                                                                                                              SHA1:35AE734CFB99BB139906B5F4E8EFBF950762F6F0
                                                                                                              SHA-256:0D36A884A8381778BEA71F5F9F0FC60CACADEBD3F814679CB13414B8E7DBC283
                                                                                                              SHA-512:1DCC3EF8C390CA49FBCD50C02ACCD8CC5700DB3594428E2129F79FEB81E4CBBEEF1B4A10628B2CD66EDF31A69ED39CA2F4E252AD8AA13D2F793FCA5B9A1EAF23
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p.U.I. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". .x.m.l.n.s.:.i.m.u.i.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". .>..... . .<.U.I.>......... . . . .<.R.e.s.o.u.r.c.e.D.l.l.>.S.e.t.u.p.R.e.s.o.u.r.c.e.s...d.l.l.<./.R.e.s.o.u.r.c.e.D.l.l.>..... . . . .<.S.p.l.a.s.h.S.c.r.e.e.n.>..... . . . . . .<.H.i.d.e./.>..... . . . .<./.S.p.l.a.s.h.S.c.r.e.e.n.>......... . . . .<.L.C.I.D.H.i.n.t.s.>..... . . . . . .<.L.C.I.D.H.i.n.t.>..... . . . . . . . .<.R.e.g.K.e.y.>.H.K.C.U.\.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.V.i.s.u.a.l.S.t.u.d.i.o.\.9...0.\.G.e.n.e.r.a.l.<./.R.e.g.K.e.y.>..... . . . . . . . .<.R.e.g.V.a.l.u.e.N.a.m.e.>.U.I.L.a.n.g.u.a.g.e._.f.a.k.e.<./.R.e.g.V.a.l.u.e.N.a.m.e.>..... . . . . . .<./.L.C.I.D.H.i.n.t.>..... . . . . . .<.L.C.I.D.H.i.n.t.>..... . . . . .

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\header.bmp

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 49 x 49 x 24, image size 7254, resolution 2834 x 2834 px/m, cbSize 7308, bits offset 54
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7308
                                                                                                              Entropy (8bit):3.7864255453272464
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:9L9GXidTgX2bqxIS0SRosEYYgJSIf4pKTg7pDdEAeObh8EWu:R/Y2bq10Q/EY1sK8M4bb
                                                                                                              MD5:3AD1A8C3B96993BCDF45244BE2C00EEF
                                                                                                              SHA1:308F98E199F74A43D325115A8E7072D5F2C6202D
                                                                                                              SHA-256:133B86A4F1C67A159167489FDAEAB765BFA1050C23A7AE6D5C517188FB45F94A
                                                                                                              SHA-512:133442C4A65269F817675ADF01ADCF622E509AA7EC7583BCA8CD9A7EB6018D2AAB56066054F75657038EFB947CD3B3E5DC4FE7F0863C8B3B1770A8FA4FE2E658
                                                                                                              Malicious:false
                                                                                                              Preview:BM........6...(...1...1...........V.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\sqmapi.dll

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):144416
                                                                                                              Entropy (8bit):6.7404750879679485
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:uochw/MFWrJjKOMxRSepuBaqn/NlnBh2Lx0JVzx1wWobn1ek8F7HncO5hK9YSHlN:zDFB47UhXBh2yJ5HcOSSSHZqG
                                                                                                              MD5:3F0363B40376047EFF6A9B97D633B750
                                                                                                              SHA1:4EAF6650ECA5CE931EE771181B04263C536A948B
                                                                                                              SHA-256:BD6395A58F55A8B1F4063E813CE7438F695B9B086BB965D8AC44E7A97D35A93C
                                                                                                              SHA-512:537BE86E2F171E0B2B9F462AC7F62C4342BEB5D00B68451228F28677D26A525014758672466AD15ED1FD073BE38142DAE478DF67718908EAE9E6266359E1F9E8
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................................................Rich...................PE..L....IE...........!.........$.....................l.........................@......R.....@.........................D.......$...d....................... (... ......P...8............................\..@.......t.......D............................text............................... ..`.data...............................@....rsrc...............................@..@.reloc....... ......................@..Ba.IE8....IEC....IEP....IEZ.....IEe....IEP...........msvcrt.dll.ADVAPI32.dll.ntdll.DLL.USER32.dll.KERNEL32.dll...............................................................................................................................................................................................................................................

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\vc_red.cab

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Microsoft Cabinet archive data, 4186145 bytes, 19 files, at 0x44 +A "F_CENTRAL_atl100_x86" +A "F_CENTRAL_mfc100_x86", flags 0x4, number 1, extra bytes 20 in head, 354 datablocks, 0x1503 compression
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4192089
                                                                                                              Entropy (8bit):7.999755784501758
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:YHgT57PlfosWFk9TRxWCP/kbNfS2g92D7epPC1txsBDDfifN7wVH:YHmPxFik99xlnANfcM3YDIN7YH
                                                                                                              MD5:6C59FECF51931FB4540E571AE0310098
                                                                                                              SHA1:DB5B0E9F7D20D2B1CCD61320ECCA7A60E118619B
                                                                                                              SHA-256:08E4D5BAD48C0203FDF02FDC28794F820DFB1D4480BDCAC562E7BC6E15FFAAD3
                                                                                                              SHA-512:D9CC7C6EF54105C981AACAAFDE890019AF766B53417E765FA7636C3B8A4400CE6F987CCEF1A54B4521412A8E45C011476C065CEBC892688AEED1B027E3E761BA
                                                                                                              Malicious:false
                                                                                                              Preview:MSCF....!.?.....D...........................!.?.8...........Y...b...H.........r<.I .F_CENTRAL_atl100_x86.HAB.H.....r<.I .F_CENTRAL_mfc100_x86.P....\D...r<.I .F_CENTRAL_mfc100chs_x86.P.....D...r<.I .F_CENTRAL_mfc100cht_x86.P...0wE...r<.I .F_CENTRAL_mfc100deu_x86.P....rF...r<.I .F_CENTRAL_mfc100enu_x86.P....IG...r<.I .F_CENTRAL_mfc100esn_x86.P... CH...r<.I .F_CENTRAL_mfc100fra_x86.P...p>I...r<.I .F_CENTRAL_mfc100ita_x86.P....1J...r<.I .F_CENTRAL_mfc100jpn_x86.P.....J...r<.I .F_CENTRAL_mfc100kor_x86.P...`.K...r<.I .F_CENTRAL_mfc100rus_x86.P.B..sL...r<.I .F_CENTRAL_mfc100u_x86.P9........r<.I .F_CENTRAL_mfcm100_x86.P;..PV....r<.I .F_CENTRAL_mfcm100u_x86.Pm........r<.I .F_CENTRAL_msvcp100_x86.P.........r<.I .F_CENTRAL_msvcr100_x86.P...@.....r<.I .F_CENTRAL_vcomp100_x86.P3........r<.. .FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8...W..:..[..... '.."S`$..n...W..de`e. .(.$.gV...2..X@A..ra*NR<cq|...{.`.p.M.. .).JM....q..........Q.......?.........2..nL......U.f#[v..#--

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\vc_red.msi

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2010 x86 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319., Template: Intel;0, Revision Number: {F035AD1C-45C3-4166-865F-C2F7CD4958B1}, Create Time/Date: Fri Mar 19 16:11:58 2010, Last Saved Time/Date: Fri Mar 19 16:11:58 2010, Number of Pages: 200, Name of Creating Application: Windows Installer XML (3.5.0626.0), Security: 2, Number of Words: 2
                                                                                                              Category:dropped
                                                                                                              Size (bytes):155136
                                                                                                              Entropy (8bit):6.337010677866242
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:sMf8zRfPfe6Ss7xJjc769oH12dwGNdJK0+E4mN2EKK995:ERHfeps7xRrldw7I
                                                                                                              MD5:CD2B99BB86BA6A499110C72B78B9324E
                                                                                                              SHA1:7A288418B36E681093B33DC169E4D27C2EE33EDD
                                                                                                              SHA-256:41F6B61E0C070C86E32D8777629DFC8E860848865FEFA0BA7D69E9FEF0A3B174
                                                                                                              SHA-512:17174B8F0186F05BE1E20215AAFD64797EC4F831A0D3E0E97ADE3F0A25CB6F78D1D8BF568DFEA1B2DE2ADD3A9D64AAA5B4319F7927301D5D73BBAB1B0EAAE3D5
                                                                                                              Malicious:false
                                                                                                              Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                              C:\1fc170e2ba0f8da87b9ffca6da4e715d\watermark.bmp

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 164 x 628 x 24, image size 308978, resolution 2834 x 2834 px/m, cbSize 309032, bits offset 54
                                                                                                              Category:dropped
                                                                                                              Size (bytes):309032
                                                                                                              Entropy (8bit):6.583379857106919
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:yUDLmozgtuVYKKKvwUbKh5+/uWLspp2e1jSaMsb1bIZU0g0WQbO//QGVYBtGKQgc:yUDLmozvygKjzbIGgBZBkUfDfc
                                                                                                              MD5:1A5CAAFACFC8C7766E404D019249CF67
                                                                                                              SHA1:35D4878DB63059A0F25899F4BE00B41F430389BF
                                                                                                              SHA-256:2E87D5742413254DB10F7BD0762B6CDB98FF9C46CA9ACDDFD9B1C2E5418638F2
                                                                                                              SHA-512:202C13DED002D234117F08B18CA80D603246E6A166E18BA422E30D394ADA7E47153DD3CCE9728AFFE97128FDD797FE6302C74DC6882317E2BA254C8A6DB80F46
                                                                                                              Malicious:false
                                                                                                              Preview:BM(.......6...(.......t.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):118
                                                                                                              Entropy (8bit):3.5700810731231707
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                              MD5:573220372DA4ED487441611079B623CD
                                                                                                              SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                              SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                              SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                                                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_3323f08b4d67f24a49dcac47a8ac8f69775d6939_455b7b6e_877e2b7c-12e8-428e-bdd7-12f892a79b4d\Report.wer

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):65536
                                                                                                              Entropy (8bit):1.1350835840871176
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:mkMVpscI4b0BU/3DzJDzqjtgA/1czxwzuiF4pZ24IO8EKDzy:qycXoBU/3JqjMKzuiF4pY4IO8zy
                                                                                                              MD5:5A1A1CE1740421A1A3EA2C8021435248
                                                                                                              SHA1:F364D023072D6C9710F2FF0CA314C9D9E8EA5BEA
                                                                                                              SHA-256:09579F45F9C14AB8A94E246CBB2F80A936C4E7AE026A018FE5D4DED27074A990
                                                                                                              SHA-512:1E0D127F5DA87C41607BB9F9BEA5B47B14239E63A96E97194395F5FBE3D4ACC029DCDE455760DB0FC9D678384A962B3E1451AAB257107C055B838742228566F1
                                                                                                              Malicious:false
                                                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.3.1.9.9.6.1.0.7.7.3.0.8.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.3.1.9.9.6.9.4.6.7.9.3.0.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.7.7.e.2.b.7.c.-.1.2.e.8.-.4.2.8.e.-.b.d.d.7.-.1.2.f.8.9.2.a.7.9.b.4.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.7.6.8.e.4.c.4.-.8.7.7.5.-.4.9.f.2.-.b.9.6.5.-.6.e.5.d.3.9.4.a.4.f.1.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.a.4.-.0.0.0.1.-.0.0.1.4.-.d.c.f.1.-.b.2.f.0.4.c.5.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.b.4.8.6.0.3.f.6.a.1.d.f.f.a.b.2.f.f.4.5.8.7.8.0.0.2.5.f.6.a.3.c.2.e.5.2.3.c.3.c.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.

                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER72CC.tmp.dmp

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:Mini DuMP crash report, 15 streams, Thu Jan 2 19:32:43 2025, 0x1205a4 type
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4703706
                                                                                                              Entropy (8bit):2.295546750524502
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:XS0qBgCjmxEjrtQjiRRqrSGVcPufqJkVv5TqmA4p+5Ji015A2g:CFdax0xQjir0SGEufqJkVv5mC+5w
                                                                                                              MD5:C8DC650FF9154BEA3EC6CBF70453CAEE
                                                                                                              SHA1:ADF5B62A66C63536F512DDE84453F37F3B04464F
                                                                                                              SHA-256:A087A47ECBA44BB098EAF32CA162E301411904707947C46EB3BB768E6AC2BC3C
                                                                                                              SHA-512:ACBFA122EEB3FEE0778D4635094E57227B04864983ABDD3A0D1C6F06545A1B7689224A7A76CE34099513D231D201E9A0FC351D1F5AE05DEF88C198CA7BAEED77
                                                                                                              Malicious:false
                                                                                                              Preview:MDMP..a..... .........vg............Td..............hk......$...........t...xq..........`.......8...........T...........(.....E.........4........... ...............................................................................eJ..............GenuineIntel............T.............vg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER92B9.tmp.WERInternalMetadata.xml

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):6340
                                                                                                              Entropy (8bit):3.721384577736964
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:R6l7wVeJoxC6BnOMYik4c0rpr289bwFsfCyQm:R6lXJZ6BnOMYt4c6wefC0
                                                                                                              MD5:E6A0AEBF410A5CB3A8F18F35DC34477A
                                                                                                              SHA1:C9FE29F64FC8A9326B7CDA5287659C755B7C8BC5
                                                                                                              SHA-256:D275B8243E098D9BD0108BE3B27DA51140C6C8AF4AEDFD6692582742C06CE61A
                                                                                                              SHA-512:4542B244DF13AFA1758806EC31782EEA658AD0F0E63106FF20FD77D6F8A7359B811E240125EB8E2D60F521B29D3F37C83132CCB87072E0E1B569DC7E6BA15D79
                                                                                                              Malicious:false
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.7.9.6.<./.P.i.

                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER92F8.tmp.xml

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4590
                                                                                                              Entropy (8bit):4.4695177940834165
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:cvIwWl8zsIJg77aI93UWpW8VYbYm8M4JFJF8+q8nL5OuZid:uIjfOI7VN7VbJ64OuZid
                                                                                                              MD5:C6BEFC593484F2FF658DFA0F3B8D933F
                                                                                                              SHA1:CEF606345AA537B713FF3B2CFFF71655309564CD
                                                                                                              SHA-256:4459758262EBFF6AF77229BA1993B62D929D7D9ADA00F943F9D17D9AC33DE3C8
                                                                                                              SHA-512:2863703DF4C31B68439CBEC05093C58E74756A732281E9E2435B853BFCAF8141DEEB2EB40CC8A15AC92C1B88A1E5F39348DF80634B81C45FC875BD084F35CFCE
                                                                                                              Malicious:false
                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="658715" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                              C:\ProgramData\Synaptics\RCX7988.tmp

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:modified
                                                                                                              Size (bytes):771584
                                                                                                              Entropy (8bit):6.6264053582391735
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IIr:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                                              MD5:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                                              SHA1:B48603F6A1DFFAB2FF458780025F6A3C2E523C3C
                                                                                                              SHA-256:1316730BBC50851C02F53254F9C57B99AF50A07BB0776332D1480BABD626F39A
                                                                                                              SHA-512:38334452808E5D203B287E2F4A47B8F5BBCE1ED18FABCFA4A61B8C04429150DFBFFE2241323B3C87D90ABBABBED49A5CEA584CC1CE83BF519BB728E1D6AC18EB
                                                                                                              Malicious:true
                                                                                                              Yara Hits:
                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX7988.tmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX7988.tmp, Author: Joe Security
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              • Antivirus: ReversingLabs, Detection: 94%
                                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                              C:\ProgramData\Synaptics\Synaptics.exe

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5844992
                                                                                                              Entropy (8bit):7.938941354909632
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:98304:Rnsmtk2aIuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOb:tLK7wq1W6HqULS8djZDTaNNeCKVP5ORV
                                                                                                              MD5:0C5DC3D854163DB3F05E69DA8C482963
                                                                                                              SHA1:848E0DBD6B93C57B4178C5427F937C2826F888A1
                                                                                                              SHA-256:D9208FB65A6BD0364E830E1FF3689B07724D34DCA35F5E9CD0C457278675EB59
                                                                                                              SHA-512:29414DC97FD959AFE6DD6B41C4FEF64942C19181B423549FD6F326ED0CA6466049449A3141965EB133DEFA2A714321FF34793E66EA57D5643E34F07FD9B41909
                                                                                                              Malicious:true
                                                                                                              Yara Hits:
                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              • Antivirus: ReversingLabs, Detection: 89%
                                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*......................O...................@...........................Y..................@..............................B*........N..................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc.....N.......N.................@..P....................................@..P........................................................................................................................................

                                                                                                              C:\ProgramData\Synaptics\Synaptics.exe:Zone.Identifier

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):26
                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                              Malicious:true
                                                                                                              Preview:[ZoneTransfer]....ZoneId=0

                                                                                                              C:\Users\user\AppData\Local\Temp\3KOTXWc.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.2492143595990735
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0ubSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+j+pAZewRDK4mW
                                                                                                              MD5:F1E0CF0678F0976C2A23EBDD531A40A2
                                                                                                              SHA1:FF52DAC69B0D70674830087C2B9340BF0D820A81
                                                                                                              SHA-256:EB9E9349A0F16EA75964BBE8330EDE5A7769B6B4027E016443F90BE815A342D8
                                                                                                              SHA-512:D45752A3408C7019E9434B1F48AC0E073569771BB7BD1484BC7F38D686A1EE2D9589B730E79FAC43D16C51C9BCF0F5B08A95B6DB748487F9E3706CD31C44EAD5
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dR-eln8KmP1Lb2Od1A_5fw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\5Det2Xz.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.266933311321778
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0rbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+0+pAZewRDK4mW
                                                                                                              MD5:48D3EAF5800F0E0F09A7F557619A32FB
                                                                                                              SHA1:CE685196D6D15C9F15D379CC085E44034525E118
                                                                                                              SHA-256:096A1881B3397662C231B27BFDC964794C1A760E6A68983B51323B00E8B65FFE
                                                                                                              SHA-512:C001E5D21BCE41D63DFE11BCD7C8F2A5EEA787666DACB0F816D141CB6B4A91EBF546D2CD20FC40D34F6F50FCF207724A2A8BDABEAEC8D69C0B6426C35E865F68
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-GK9VWoVXIZ4WExKaNLiig">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\7I1FiNH.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.255491322831788
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0W/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9+pAZewRDK4mW
                                                                                                              MD5:D6CEAF0F4AF80E5100729BEA6E0CC8F6
                                                                                                              SHA1:E78099899A9ADE540DF3FAFAC7DBD3E211396E6C
                                                                                                              SHA-256:0E2747B43CF9A7417955C5C54D93120F3F1E8D22B03DD0D243C568017D1D846D
                                                                                                              SHA-512:687D56862313790CC97B04A9ABC16E9866B443C529D032F998489A9D12018A147863EEB12D73B43DEA95438423BC637269278D12142ED452D912C3A03BF7BBE9
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LikQf5xKTo8qTYhzi75Idg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\8J8EVBf.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.2639801349712005
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0BySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/+pAZewRDK4mW
                                                                                                              MD5:2070E46400D410088920B9E0D0631E9B
                                                                                                              SHA1:9D2621490B9A3441ABAF303E661A553ACCA8C8D0
                                                                                                              SHA-256:DE7DDC3AF3D70FE1BB4FC3B9BCC0D61EC9A26173DF0CE86D05B7B1692E26117F
                                                                                                              SHA-512:BBFC25BD1426C425AFBB8EE032F99B19315839137B049A3B3EE907399F9FC0534C5453DBF5366E12295D1C9742823D3E9817AB97EC6CFB56DABC7F7170DA9AFE
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ojCx5pAJkByLhJ7_uZx4Ww">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\99BbwIN.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.267055288965376
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+E+pAZewRDK4mW
                                                                                                              MD5:20FEBF1568FAEA073151D95D55A71EBD
                                                                                                              SHA1:ED3C5F236265464BE36981A525868FEF44469C43
                                                                                                              SHA-256:D86558471962310F80687F90744C888B446988656CA15B2241D996E1140EA122
                                                                                                              SHA-512:5A5E864DBAA78E0A013D73D12E257ADB8FA192501976A3A6A695333A5D54BEDEB328931678FB028DC3C6F1AAF5505CA8DE053BCB11D410EAD4D173B77F172D29
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="R8yk3mP9mQPV6q8n83UwTw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\9PzLych.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.254525351218482
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+03SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Q+pAZewRDK4mW
                                                                                                              MD5:0145B7A65F008728729D55AC98A535BA
                                                                                                              SHA1:5D0AC58D3D984F210A6AE348DD6C4B16D1E69AE3
                                                                                                              SHA-256:C1C9D8E5F1591548D2A12AAEE1ACF5FCAA13DE8DD2B83AFC933BFEDAEF805231
                                                                                                              SHA-512:B57BF6D9F3AC95353B1B2DB1B7AE4410A053BEE5D261DCC9EB892FFB97ABC17A637603A367B422FDF65DCA8E51368ABB5462CADC394E12A2ABD9612232572C5A
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Jhc82cszCffSShshcrbIxA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\9aMfrhP.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.2744684375959245
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0uSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                                              MD5:3AC5D6FFF647757AE578E2918B110266
                                                                                                              SHA1:0E1DE06015D8004FB57ACED3CB1C6EB4B60638BB
                                                                                                              SHA-256:99CBFE0900952B7DE105E335522534CF4F7F001EEF822EFA93F92CF3E549EC91
                                                                                                              SHA-512:6EB6EB465AC6923CC07042BA599D03D984305640D8A342354376A95DD581C91A1F181BF1760059781C37F49B27AA235C6BB3E0EE25A87547D6B8ED2A22948510
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5KK4_WZUJtO3jcJLNh1ZxA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\B2l1GFc.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.255088118892879
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0UDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+l+pAZewRDK4mW
                                                                                                              MD5:B1D21CD2567362823A7F4837B623315A
                                                                                                              SHA1:5C85D19572160FE4376C4936E3CC83B15841B8AB
                                                                                                              SHA-256:853B2DFDCAA40B4F588CFFFC99B2F6246E07CA3B9D9BB1351FC0BD4D2ACEC620
                                                                                                              SHA-512:A40CD86FC87CEDE0D974C96B66DE2E9C0B2FA48B41B2B7B9A689A9401E17965A34B455D675325CE494F12277F30B681E76BE2F4FB3217C30018872AA4EC556A5
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Fj5nZFHtFulYnndJE_g2Lw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\CuEaExS.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.267384314878372
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0oN0LzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+P0Lz+pAZewRDK4mW
                                                                                                              MD5:24824FFD4554AB9A2E7D53228B679ED7
                                                                                                              SHA1:8F894E1AFA576242278E4832855D5860A6F9E30A
                                                                                                              SHA-256:095B5C4CC50626EB6BDBAEE2567C51D3A83EDF470328741EFEAFB8816E67B855
                                                                                                              SHA-512:340D3805E5B8C2C4CC5E2F3860C619BC46D647A4D527ECDA5630C336EC0FAF24A22AD6222467FC42288161C619FC7A00EACAF54F2DEC6341794E9B274839D3F7
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kq3Lhq0jQN82LUXLoGpBoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\D9GsvD8.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.259570599501623
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0hQxSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+2u+pAZewRDK4mW
                                                                                                              MD5:FB3B50C75F06242B6745A32AE5F4F6B6
                                                                                                              SHA1:06FBB7945BE0DB4DF4EC4DDFDA5A615A11E972EA
                                                                                                              SHA-256:353E2465ADB89C06C7DD9A7D8A34A055D8B168890FD9FC916B6E1022C7B6D592
                                                                                                              SHA-512:1D6F82A1EFE4B859C156CCCB49146B560DBCB488D978AF63A22C9FF48A1B79B6096495379623C453119B332ED2642279827E5A32985FA96676062DFF6507D32E
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zi0DI6JIKSwsehNszd60yg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\GJXYOEK.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.267182960464771
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0vQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/+pAZewRDK4mW
                                                                                                              MD5:C644B8ADD4E98EA9000F1FEC6891C21B
                                                                                                              SHA1:EE1667C63712D727B9964F4376020B98523975F2
                                                                                                              SHA-256:E7728B74B6BD1235A7C55D98AD5B1B46D8B8C5571A087A29832624F516DBAF85
                                                                                                              SHA-512:D3ABB1A8BFCB30C2D690C37BAB31E868AD869A541E308D46500D0EADB657758DA798762F86904D2EA7B47A745A2B8676E56348F8D8526199D7D8EE3ACD29BB3C
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="l8v0_dQjR7XtWZ6Qyoh_FA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\HFI81C6.tmp.html

                                                                                                              Download File
                                                                                                              Process:C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16118
                                                                                                              Entropy (8bit):3.6434775915277604
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjT:fdsOT01KcBUFJFEWUxFzvHH
                                                                                                              MD5:CD131D41791A543CC6F6ED1EA5BD257C
                                                                                                              SHA1:F42A2708A0B42A13530D26515274D1FCDBFE8490
                                                                                                              SHA-256:E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB
                                                                                                              SHA-512:A6EE9AF8F8C2C7ACD58DD3C42B8D70C55202B382FFC5A93772AF7BF7D7740C1162BB6D38A4307B1802294A18EB52032D410E128072AF7D4F9D54F415BE020C9A
                                                                                                              Malicious:false
                                                                                                              Preview:..<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C././.D.T.D. .X.H.T.M.L. .1...1././.E.N.". .".h.t.t.p.:././.w.w.w...w.3...o.r.g./.T.R./.x.h.t.m.l.1.1./.D.T.D./.x.h.t.m.l.1.1...d.t.d.".>.....<.!.-.-. .T.h.e. .E.x.t.e.n.d.e.d. .C.o.p.y.r.i.g.h.t./.T.r.a.d.e.m.a.r.k. .L.a.n.g.u.a.g.e. .R.e.s.i.d.e.s. .A.t.:. .h.t.t.p.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.i.n.f.o./.c.p.y.r.t.I.n.f.r.g...h.t.m. .-.-.>.....<.h.t.m.l. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.x.h.t.m.l.".>.....<.h.e.a.d.>.......<.m.e.t.a. .h.t.t.p.-.e.q.u.i.v.=.".C.o.n.t.e.n.t.-.T.y.p.e.". .c.o.n.t.e.n.t.=.".t.e.x.t./.h.t.m.l.;. .c.h.a.r.s.e.t.=.u.t.f.-.1.6."./.>.<.b.a.s.e. .t.a.r.g.e.t.=."._.b.l.a.n.k."./.>.......<.s.t.y.l.e. .t.y.p.e.=.".t.e.x.t./.c.s.s.".>.........h.t.m.l.{.o.v.e.r.f.l.o.w.:.s.c.r.o.l.l.}.........b.o.d.y.{.f.o.n.t.-.s.i.z.e.:.1.0.p.t.;.f.o.n.t.-.f.a.m.i.l.y.:.V.e.r.d.a.n.a.;.c.o.l.o.r.:.#.0.0.0.0.0.0.;.b.a.c.k.g.r.o.u.n.d.-.c.o.l.o.r.:.#.F.0.F.0.F.0.}...........h.e.a.d.e.r.

                                                                                                              C:\Users\user\AppData\Local\Temp\HFI95CE.tmp.html

                                                                                                              Download File
                                                                                                              Process:C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16118
                                                                                                              Entropy (8bit):3.6434775915277604
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjT:fdsOT01KcBUFJFEWUxFzvHH
                                                                                                              MD5:CD131D41791A543CC6F6ED1EA5BD257C
                                                                                                              SHA1:F42A2708A0B42A13530D26515274D1FCDBFE8490
                                                                                                              SHA-256:E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB
                                                                                                              SHA-512:A6EE9AF8F8C2C7ACD58DD3C42B8D70C55202B382FFC5A93772AF7BF7D7740C1162BB6D38A4307B1802294A18EB52032D410E128072AF7D4F9D54F415BE020C9A
                                                                                                              Malicious:false
                                                                                                              Preview:..<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C././.D.T.D. .X.H.T.M.L. .1...1././.E.N.". .".h.t.t.p.:././.w.w.w...w.3...o.r.g./.T.R./.x.h.t.m.l.1.1./.D.T.D./.x.h.t.m.l.1.1...d.t.d.".>.....<.!.-.-. .T.h.e. .E.x.t.e.n.d.e.d. .C.o.p.y.r.i.g.h.t./.T.r.a.d.e.m.a.r.k. .L.a.n.g.u.a.g.e. .R.e.s.i.d.e.s. .A.t.:. .h.t.t.p.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.i.n.f.o./.c.p.y.r.t.I.n.f.r.g...h.t.m. .-.-.>.....<.h.t.m.l. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.x.h.t.m.l.".>.....<.h.e.a.d.>.......<.m.e.t.a. .h.t.t.p.-.e.q.u.i.v.=.".C.o.n.t.e.n.t.-.T.y.p.e.". .c.o.n.t.e.n.t.=.".t.e.x.t./.h.t.m.l.;. .c.h.a.r.s.e.t.=.u.t.f.-.1.6."./.>.<.b.a.s.e. .t.a.r.g.e.t.=."._.b.l.a.n.k."./.>.......<.s.t.y.l.e. .t.y.p.e.=.".t.e.x.t./.c.s.s.".>.........h.t.m.l.{.o.v.e.r.f.l.o.w.:.s.c.r.o.l.l.}.........b.o.d.y.{.f.o.n.t.-.s.i.z.e.:.1.0.p.t.;.f.o.n.t.-.f.a.m.i.l.y.:.V.e.r.d.a.n.a.;.c.o.l.o.r.:.#.0.0.0.0.0.0.;.b.a.c.k.g.r.o.u.n.d.-.c.o.l.o.r.:.#.F.0.F.0.F.0.}...........h.e.a.d.e.r.

                                                                                                              C:\Users\user\AppData\Local\Temp\HiGzqbI.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.26573843585935
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0NDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+CD+pAZewRDK4mW
                                                                                                              MD5:B6541BBA200FC7D9AF1FE7270CC03B6E
                                                                                                              SHA1:2CD66EABA7A0335BAA0C778BF9C1EA970BF84B80
                                                                                                              SHA-256:0F146364A63E48A78AC78A897325536AA507679F0AD6BF9742B7A852DFEE3B5C
                                                                                                              SHA-512:48DF5028F3F210473E3552F8A8C525EA56AD4CFD9C9BDD0DCEA31FECE66079FD0A4909DAB2288E335B1EB37CB4686A087BA22CF421911E3B26B9364E82AD1165
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kEtKTpvFM3oBq-sy3NqPOw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\IP9PJi7.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.267405969182645
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0nYcySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Gy+pAZewRDK4mW
                                                                                                              MD5:4DB01765C7ABF55E1521CE2C591C23C7
                                                                                                              SHA1:599ADC2F22D9F717BF80133B15E8AC901B7898B2
                                                                                                              SHA-256:71E985DABB8DCDDB67853D1FBC129DE919C637915A61934E15D7262D88F209D0
                                                                                                              SHA-512:5E2E0086F9E156BEB3B8A8F5B15B3A0CE9417905BF8723D166DB4B0E2CF76BC3389BC8698487DA0D600EDF6AEDCB166E27ED500A189B8F1C0783F25348CD6B06
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="thsQ4BOyn_cqAVPKcPa9NQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\JvnCz98.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.25831591759896
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0Z0SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+V+pAZewRDK4mW
                                                                                                              MD5:DB758A91B7DFC8FADFB04C954AEB931F
                                                                                                              SHA1:BF1E24AF5688944EDDC76A7A836F6BF87E994F7E
                                                                                                              SHA-256:495614140E330687220A86B59C06F521AEDA46E1C72A613F0A6730D296078F41
                                                                                                              SHA-512:D0A5CB82CE1958A8127B231FB0542FAD1EA3B6BD2677EC96C39EE7F7296A5673294BF37FA9BA6D8F1AC53760E96C1B4E4CD3A91F6BDAA3135A48E05D3D5AF669
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HeCmmjq-j4izBWhP_uLsgg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\LhFticl.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.2612486592884276
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+09uISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W+pAZewRDK4mW
                                                                                                              MD5:A4D332BCC64D25068B793F64A189A26D
                                                                                                              SHA1:1F072AC1EEF3A5D4223E9B21F9FF6659517C95D4
                                                                                                              SHA-256:FD3F6EC433BD5AC5A452D2ACBFEFA161BD28723C8613DB8D3C44A35E0793BF03
                                                                                                              SHA-512:BDA32445038A3F6210F4789FB4F5962657FA305160058B123708A22ABFB5FBF7C1498A674BBFED33316C1A03A6DAF42C4D85AD53D69E92423A29DC64D67EC80D
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U3EQhFQBnaIz2uThF9m-Nw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\Lmkga2P.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.257716945917444
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0tzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O+pAZewRDK4mW
                                                                                                              MD5:20C379343E2181B96FE8289B5DAEE642
                                                                                                              SHA1:0F00AD19BBA8ED75F1012C109A5378A8661076D8
                                                                                                              SHA-256:15738A8E9FE65B6D79FC81AAAAFDFE19EB06F0D391E2B8FCB7FDAD135AE2B729
                                                                                                              SHA-512:747F55147820BB7D6C0FECC646A98D9AF9EFC59486295681B500273BAE5EBED8FCE4E34F0748F6CEF6644FDDCC1E8EA1F08A95BB777CAD401A47AF151FA0057C
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bOlAxbCVA-rYCmYz2-w1uA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\M1xVsgk.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.268915198798591
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0TbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+4+pAZewRDK4mW
                                                                                                              MD5:3DCE4B2B06FC3716D39461327705017C
                                                                                                              SHA1:24B48EF1EEFFC58B1C2DE0DB941EFA00A759EE20
                                                                                                              SHA-256:875495C95F173681C5BE23A2F5FBD47CCAE2C0CC6D22FFEEA08B41E268AA22AE
                                                                                                              SHA-512:54AFBB1D82CF6EA0887EEB1C6B49CF3CE56B347814769D5464076DBBC2176E8DEE3746D7C7A8B4F8041C4DD9CEAA88169674E278D4182311E23783920B12B24E
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EnYsuZjoXQWjPe7LY2NX7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\M9PH2ct.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.280192307385677
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0fiSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+4i+pAZewRDK4mW
                                                                                                              MD5:4C5EDDC81AB7564039DE1C793EE21E67
                                                                                                              SHA1:DAC43273D2F4ACF2B10A24B618113AB5A67CE375
                                                                                                              SHA-256:3290E1B76818DB62CD6B3BB3C4EC396810668DFECD34DD6C5967FC10646B7792
                                                                                                              SHA-512:B1E181A9CFF15CA36BC12629786A502312C9C5527C16C4B29C8BE3473237DBE0A1FDD37C2898A86E0DCF11C2625D011B7E7875381F3B1882C52AA57809352B10
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GSFJXz9jOJO2vhAymEAaWQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20250102_143143139.html

                                                                                                              Download File
                                                                                                              Process:C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-16, little-endian text, with very long lines (356), with CRLF line terminators
                                                                                                              Category:modified
                                                                                                              Size (bytes):58172
                                                                                                              Entropy (8bit):3.69044538970583
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:fdsOT01KcBUFJFEWUxFzvHevvEKCKKCxQEozx654:fdsOTLyUFJFEWUxFzv+vFQTd654
                                                                                                              MD5:1C7BD94F62CA49483A9981B3E88F542A
                                                                                                              SHA1:894B3108E2A8EFFE021767EB80CFEA9480B16F1C
                                                                                                              SHA-256:B1539DEF587E4BEF606E22ACAA7E82FCE89375CAAD08546A96B53CD6662E40DD
                                                                                                              SHA-512:D899070554750819AFB71FCAF25015703368103A434F15C88CBD21A4F35B9756E441A843D8364C3BAF04B8CA1BE044E996B60DB3638B33C5DAD748FBB164D53B
                                                                                                              Malicious:false
                                                                                                              Preview:..<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C././.D.T.D. .X.H.T.M.L. .1...1././.E.N.". .".h.t.t.p.:././.w.w.w...w.3...o.r.g./.T.R./.x.h.t.m.l.1.1./.D.T.D./.x.h.t.m.l.1.1...d.t.d.".>.....<.!.-.-. .T.h.e. .E.x.t.e.n.d.e.d. .C.o.p.y.r.i.g.h.t./.T.r.a.d.e.m.a.r.k. .L.a.n.g.u.a.g.e. .R.e.s.i.d.e.s. .A.t.:. .h.t.t.p.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.i.n.f.o./.c.p.y.r.t.I.n.f.r.g...h.t.m. .-.-.>.....<.h.t.m.l. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.x.h.t.m.l.".>.....<.h.e.a.d.>.......<.m.e.t.a. .h.t.t.p.-.e.q.u.i.v.=.".C.o.n.t.e.n.t.-.T.y.p.e.". .c.o.n.t.e.n.t.=.".t.e.x.t./.h.t.m.l.;. .c.h.a.r.s.e.t.=.u.t.f.-.1.6."./.>.<.b.a.s.e. .t.a.r.g.e.t.=."._.b.l.a.n.k."./.>.......<.s.t.y.l.e. .t.y.p.e.=.".t.e.x.t./.c.s.s.".>.........h.t.m.l.{.o.v.e.r.f.l.o.w.:.s.c.r.o.l.l.}.........b.o.d.y.{.f.o.n.t.-.s.i.z.e.:.1.0.p.t.;.f.o.n.t.-.f.a.m.i.l.y.:.V.e.r.d.a.n.a.;.c.o.l.o.r.:.#.0.0.0.0.0.0.;.b.a.c.k.g.r.o.u.n.d.-.c.o.l.o.r.:.#.F.0.F.0.F.0.}...........h.e.a.d.e.r.

                                                                                                              C:\Users\user\AppData\Local\Temp\NuZDHEM.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.278867071787961
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0eSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Z+pAZewRDK4mW
                                                                                                              MD5:8431077B084EFFC68A5DAEE1C5CE1FAF
                                                                                                              SHA1:442016FC9FCCC4EFD91DA96415374DCE5D574EA0
                                                                                                              SHA-256:FCF9682973BD878F26D8E067135A8905E867804F2C90CCA22BB34DB18A4A5DB1
                                                                                                              SHA-512:1319177827A89B634F73DA2D806430805C8FCAABD73BAD881C4F35F1389E1B6FA4B1C8234FE10D0AAE258266C1C0222F910C9B2EC5A4D830CBB58744C1C35A07
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UBGZFbvZ3UGTxJ84PXASyw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\O9MdLZY.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.26473578282653
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0y8SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                                              MD5:DF6DAFAF32CAE0E778D28DAB55A2FD4F
                                                                                                              SHA1:4200A993A37BBA3D68D576FCF12540469681B84D
                                                                                                              SHA-256:32F1D5F8F68043E28A9093FF067BE3B52CDDBB1288D5C3AA2830A5F1EF426CAE
                                                                                                              SHA-512:58800D3B4101C48DD9EB614AEB0AA1CE4B0BA4499A023546896E72819AACDBC5785EF275A80F250A7012A30F944883F52904AA809BDD2CF9C875CB2A946F4E93
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="_2YkVmdhXWYp3nGMTSaUAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\RzpRahd.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.259281261651215
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0RSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W+pAZewRDK4mW
                                                                                                              MD5:38BFF86E285523BB3AE567B6D220E2EB
                                                                                                              SHA1:D84BD0247B12D36A07E29B46FB0CA3C98A81DEC9
                                                                                                              SHA-256:31AAAE2423A1D4CAC9771AA44F724F6E4F6D0B939C3B1018A4D3FFA2836E9F8B
                                                                                                              SHA-512:1254CEA13B6CE33F72C18ECC800E51CEF8C4E49FD24295EEF8164A1E2FCC11A819274CEB35781D2AE56782EB902565996C56FE8E6DE6CE15DF68B511D4779E1D
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="glHejAppE7Tskh2jCKqLqg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\Setup_20250102_143139405.html

                                                                                                              Download File
                                                                                                              Process:C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-16, little-endian text, with very long lines (322), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):29454
                                                                                                              Entropy (8bit):3.71018844023223
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjyhJdtEKCKKW:fdsOT01KcBUFJFEWUxFzvHevvEKCKKW
                                                                                                              MD5:365C519675BB5ED53F03D01980942165
                                                                                                              SHA1:1AB0407249A51B8ACD0F757906F581D787DD090E
                                                                                                              SHA-256:AE4902A535355E25555C17DB81D18A7F24EA7D30368D34BC4323E0EB15405563
                                                                                                              SHA-512:56197C0C7DCE368AE0215207E43B898D8542676D8D2CA4A8BE779D7D42E2EF5C25F1533D246EBC658413363A9873B6736DBB4C71FB74D0834389574611F7BAF1
                                                                                                              Malicious:false
                                                                                                              Preview:..<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C././.D.T.D. .X.H.T.M.L. .1...1././.E.N.". .".h.t.t.p.:././.w.w.w...w.3...o.r.g./.T.R./.x.h.t.m.l.1.1./.D.T.D./.x.h.t.m.l.1.1...d.t.d.".>.....<.!.-.-. .T.h.e. .E.x.t.e.n.d.e.d. .C.o.p.y.r.i.g.h.t./.T.r.a.d.e.m.a.r.k. .L.a.n.g.u.a.g.e. .R.e.s.i.d.e.s. .A.t.:. .h.t.t.p.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.i.n.f.o./.c.p.y.r.t.I.n.f.r.g...h.t.m. .-.-.>.....<.h.t.m.l. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.x.h.t.m.l.".>.....<.h.e.a.d.>.......<.m.e.t.a. .h.t.t.p.-.e.q.u.i.v.=.".C.o.n.t.e.n.t.-.T.y.p.e.". .c.o.n.t.e.n.t.=.".t.e.x.t./.h.t.m.l.;. .c.h.a.r.s.e.t.=.u.t.f.-.1.6."./.>.<.b.a.s.e. .t.a.r.g.e.t.=."._.b.l.a.n.k."./.>.......<.s.t.y.l.e. .t.y.p.e.=.".t.e.x.t./.c.s.s.".>.........h.t.m.l.{.o.v.e.r.f.l.o.w.:.s.c.r.o.l.l.}.........b.o.d.y.{.f.o.n.t.-.s.i.z.e.:.1.0.p.t.;.f.o.n.t.-.f.a.m.i.l.y.:.V.e.r.d.a.n.a.;.c.o.l.o.r.:.#.0.0.0.0.0.0.;.b.a.c.k.g.r.o.u.n.d.-.c.o.l.o.r.:.#.F.0.F.0.F.0.}...........h.e.a.d.e.r.

                                                                                                              C:\Users\user\AppData\Local\Temp\TN4oWvu.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.260271529555847
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0eASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+K+pAZewRDK4mW
                                                                                                              MD5:F37E15C55D95D46A28DDE13A1BFEDE19
                                                                                                              SHA1:04753314C20E293C2C4DF8FFE42468D18243033D
                                                                                                              SHA-256:9D25E5C0A8D02884DA5D3F6491E485022E957E6525E7277B1B4BF6405F7887FD
                                                                                                              SHA-512:C3E40487A690576C86959A2A0FD00E0CD94ABCB085219D7292A142F82CE873215A2BCD5A5BDA81E6D8665665D8DD061EBAF75EB858ADAC6C233BABBCD2E721D9
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="OGvQK0jI53kt_0lEouAmoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\TQfzZDX.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.256240109912759
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0EzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+J+pAZewRDK4mW
                                                                                                              MD5:6E34B33A936B589B6863CA99C2F53E9B
                                                                                                              SHA1:840EB31EE9D26FEE1CF14400AE8B483DE06A1393
                                                                                                              SHA-256:96F5739FF5E9177B3456AB48019EED507695E6AC453BC0855A806DED575A1D4E
                                                                                                              SHA-512:3E784149AB31401689773A44B5B22A258E6D6120A7D5842A390F5EA422FB5F7C8023B279163D1D27A3502A05513142973CC8A1E46594A2DD6C4907BCE3C6DD59
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0opYbQafwT_8clw6jYdFIQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\V23IzEj.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.26113768607626
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0l3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i+pAZewRDK4mW
                                                                                                              MD5:8B8CE3916900D5B185DB2A19744A6249
                                                                                                              SHA1:AD8C741CD1EFDC39702784B81994F5E1347B5D3A
                                                                                                              SHA-256:73A3CB3386A17A513DAA9BD79EFBFE424AA45C71C73755B7759FF110F077428B
                                                                                                              SHA-512:37F85D7A092A0C61F1E7F932E5A8BFC7401FBF580B49A35929567AD697E062A06EC4EEB2CE5162EF3FA526CD8DFEB71687CC03B199FA10B003A82948D23A0B89
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Eugs3QaeDBw-ZPRHwHrRZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\Veo8hCc.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.279973161568243
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+002SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+H2+pAZewRDK4mW
                                                                                                              MD5:5EB6E6EB9391FB4F40540100C500A635
                                                                                                              SHA1:A65CFF33EA45A884425FC536356E5A03A647FF82
                                                                                                              SHA-256:D29F44EDE212286B4837BC8AA5EA72A3E39B0BBF4A4AF26FF5C1EAC9866EB928
                                                                                                              SHA-512:D0FE693CC015810511C49591E26256C5E6579D46ED77FD38767FE9F6D4CADFF7B45EC256A9C86F4339933A2119698A7C655A26514C0ED3A53E55B5E436C4DE6A
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="RXVNqo7FD6NPc7qXQUsK3Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\W9b2XF6.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.267381982936697
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+02SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+d+pAZewRDK4mW
                                                                                                              MD5:41818E88E8E4CBFCD6BFCD20F169A533
                                                                                                              SHA1:A388E09F2EA19B0767697806CC1BD4603A3EEEE1
                                                                                                              SHA-256:9A20FA19EA04CF2B450395B8309BE67748AA65B3BC39E3A0E57EAF14F574DC94
                                                                                                              SHA-512:D98370265EE40FEB7A2911ED44C0481AE6628A9A09A19115B15C72A8BC0B545BD3F9BAEE2258CD2A44A4749FFE8FB0C34BD1DF563500AC47A6102BB4C2CA3C66
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="eFQ72KMJSVslfuYqRulTAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\WAvFepU.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.261609877152605
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0eQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+o+pAZewRDK4mW
                                                                                                              MD5:F0A8191686203F7BD451B43B855FAEEB
                                                                                                              SHA1:7A0CCFE52C8381EEF45A9935D7AF0A89D8C219E2
                                                                                                              SHA-256:7CFC934AE496818B2D7ECAD6EC3E67C73A76DB9F904E4C5733A869B3507C351D
                                                                                                              SHA-512:3A72AAC9BE17D8DA70B881A75F67810316A1445002058349DEBBEBE84B0502A051ACDB356126BBB0F8320B7D72ADA0394A599B11A00DBD4BE8E1E40E4B5BC243
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZRxeIOd7Tx9NQyz-bR5_gA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\WeDnJqw.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.245404813846902
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0gSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                              MD5:DB628D179F4DA7F0AB6B7E80D3D1CCA4
                                                                                                              SHA1:806CB76094EEB38428446F29AF006F91807EBCE3
                                                                                                              SHA-256:26FF06486BC61C171FDAC2FEAC393DACD732A16EBF13BA64C8570CAFCA91F9FF
                                                                                                              SHA-512:2B6D1EF93E4F84F87DADEEE2E88529C6E94370D0CECD19F1EFF42165D7C6D0B94B179E0BBD72A54D00DE8D2DC9F747FD8B21BEEEC5DC541F3EA51D08954137C6
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-ty_DwmiZvBpdVWaahhgvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\Wx4uoiP.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.259337116049069
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0rqPSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+iqP+pAZewRDK4mW
                                                                                                              MD5:40B1A9364A7C60D19ED00BC5456ABF77
                                                                                                              SHA1:D4507FE80D98F6E03363795093C6032EAEECDDFC
                                                                                                              SHA-256:1C19833BE63C795F1756B029907B25DBA50B13A11E062D2456A4AB5524E3549F
                                                                                                              SHA-512:3A22A8C72EC3773A2D1637A74119E7C8D5281DFC1E77B1B8C8D62CE37584318BE67740B5CEC238D7C28898FEA590CA8F40766FEE163620EB2256E8D3FB7AFC67
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HviSqOIysrVoi7rO0grECQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\Y4XMrUN.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.264983297918883
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0XISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+7+pAZewRDK4mW
                                                                                                              MD5:9299788FEA8DF3E56B3CAB3D4F43FE09
                                                                                                              SHA1:F6F9CF97A7369DB93CB46A9A69A6DC277765BA12
                                                                                                              SHA-256:17FEA02AF63682D828A44052C40FFE0ACD92B55D4FE7AB4A10769EA02DDF2A36
                                                                                                              SHA-512:3A961DC2073853E5350325A768D6FC4755C19D4CA2910CFA835FE96E7ACC252E86A3E12FA0A54005919A65A43A9FBEB03889E21614E07AE6908EBACB3DE9D4C5
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Xc1ZknH7RZt3Ngf_DQsu6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\Y9lLjpc.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.256661278200607
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+04DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+P+pAZewRDK4mW
                                                                                                              MD5:E4DA5E38DBB26D95EEECA1668620CCBF
                                                                                                              SHA1:BF8F7C7F90DBA32530AE2B2C7AE738AE07A07746
                                                                                                              SHA-256:A4860B78639280A2F0342734CD29EB74D2CCD94B3642587A49DA25833B57A284
                                                                                                              SHA-512:2FB12FC96D7CB95A4B5A5D30DFF75922AD1FF6762BA17A261A9070F6A8D04ABA64C72B23DB4E92EE88F5F794BF73E68DB773CC61876125FBA1BB5E0F0B1FA4E3
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0ZeCi7t1qyrF_U9tqxC6lQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\ZqX1eD3.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.2516181172908905
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0KSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                                              MD5:EE2549BE382BD01B093C46C7304429EE
                                                                                                              SHA1:ACE74A03C6FCD07DCB523FF269B3AF70AFF66393
                                                                                                              SHA-256:5606E102AB59145F68D8D840A5EAD9BC379084D32709C778DEA2FEB922155DA1
                                                                                                              SHA-512:7F9576C2A584FC8FAF3362B94CA6DD733CBC50945A0453AEDE5731E6C2F79FE78284A8DA57FC7D0D6F32ACF3E37195DAAB7588CFF471143AFF6BBFD98C89F855
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gom8Gy0NrKIxM8Em-zMsiw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\bP37c8H.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.267373836578291
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0bgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z+pAZewRDK4mW
                                                                                                              MD5:C0E2F41BCCBD6CBDE5285597844E8EA8
                                                                                                              SHA1:6BC98FCA458C0D97DF3734D8D6FF03E33F3A2993
                                                                                                              SHA-256:C92153EEEE378958BD2C79676043924360711924AE0C09FE8D180FC302961CE3
                                                                                                              SHA-512:926684E62C405BF92BD7488E42B7B241D358224F1C34878C83811B58B1D8BFBA7AC4A5D1F1210512C6D7CE9B0D89BA8FD1FAD6F22BE46224D332996161F82F62
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FXDjHaYrq4UWeo1JruCRFw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\cpugkZM.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.257202527663018
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0g3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+P3+pAZewRDK4mW
                                                                                                              MD5:7249242D5D671B5BF52F4609C6C8B2C0
                                                                                                              SHA1:8A3B62CF4F91CCF45C374D05C2FDDD236592751E
                                                                                                              SHA-256:38623D7A750C20335E11FD324AAB685F3249B1AFE15862AD6C54E3C74E0B37DC
                                                                                                              SHA-512:BC6F900631D2378875D0695D91AEF11B12C17BEAD357A6A5563495A32F69E7D30EFBE9EEF1E6CFE26F4A5798B65DE40782E3FF232DBA58128CA5949044E7C0A0
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CFgeTQBEgrR0TaDI1Enqcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\e7By2gi.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.270576930864267
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+07SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+I+pAZewRDK4mW
                                                                                                              MD5:C4B7057A719EE6E43562843A5F418881
                                                                                                              SHA1:BB31265A6E1977096D575BBD159B53386A6500B6
                                                                                                              SHA-256:5A2F403751438F88348213F38C1607A7AADAAAAB15404498E3DB94D39FE05BB6
                                                                                                              SHA-512:3165A5A7B91B4C15273F6C7FA916781ED548E9A69FC89D95036E1E7938E51546EB99F231BC24B3965CEF11A376944837A717B9887921180DD00527FCBF81D773
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yvqzkY9gDLa7PSEXnpBjoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\hANHsZh.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.250351590561119
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0fESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/+pAZewRDK4mW
                                                                                                              MD5:5FE9E5CAABF3ED9FBE3F834046A5E1E9
                                                                                                              SHA1:F501981166FCEF43E76145DA308322B06674C066
                                                                                                              SHA-256:8134E1E15F6E6223D56041A52CE0C5B8188A4E02D8BC9E2E416F574B1D90AAB4
                                                                                                              SHA-512:5562324CA25DFAC84109F0041BFABAF5E208BB6BAA29FCE0E4FFDDE969B80958DFD57F17A28B171FD5A0D72570C9F087AE31D0C58EFF4182AD7BEED24BF5B4CA
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cy1r4yPv7ED6x2eAyFlepg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\i6hZp7z.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.258563138717733
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0UJl3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+dJl3+pAZewRDK4mW
                                                                                                              MD5:1AF2A9CB756C7C8BA863263A478373DE
                                                                                                              SHA1:D975500705B6ABB8F6B3AA29CE047D85D96089D7
                                                                                                              SHA-256:BD3062A55E51C6C896E05C402105C300DD58C52D7B082D66D530F130EFC68C8E
                                                                                                              SHA-512:0A3C1417B2F157CDE1ACA1FA91A0B4042F944809FFB044642A468963BB3EC7AFF276B5DF02A8EA99B01C4A528DA03EC4AB21881130C7960E978D99872F7F793C
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nOLBiF-OuXDEd7-rpfShAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\iTLsiUV.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.254798361918001
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0pSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+e+pAZewRDK4mW
                                                                                                              MD5:D113AB53E9023831A3BB7AAD820E8E86
                                                                                                              SHA1:A42B005F022361754F2CB53E6696E2F48E7F2F2D
                                                                                                              SHA-256:E103D4768FE93B052B03F0D7541ABDA749161AE80F80B883E01B2C73EDD32716
                                                                                                              SHA-512:18DE9587FDCB1BEB31F458AD41156EA61040A8A81372AF6C1F62FB74F5F33D8F0AD6C376F586455BE7AFB8DBED8E624C037871370076A36D3834F1B8444ADDBF
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HId1Rugn-sQlG86p8-kTAw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\k7lDRnJ.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.267778695213988
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0aB2cSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+v2c+pAZewRDK4mW
                                                                                                              MD5:0D94EF5D6198FAF2B461F20849001AAD
                                                                                                              SHA1:3B5FDA2DE6C380709B742D1EE33ED9A987BA6A3A
                                                                                                              SHA-256:0B79D242439B2DDE4E7EA3234216F92DD70A17D5FA4840B75B1BFB5BB9F8B24D
                                                                                                              SHA-512:C1783B726459C608DD6CBDD3B14CD99D81C32CEBEEABDDC10BC88AB2001A6B4121AA64D8A1F496B1FF09277925F3639B1CF5E273169715E93D1E83E373F1CCC3
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Qg5QNU8MxIRRkECQ8cdGUg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\kzvfg6q.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.275137092268793
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+V+pAZewRDK4mW
                                                                                                              MD5:FFB0B3E68CBBC3B2088BB60F1EBDB4E6
                                                                                                              SHA1:0C6E83F5D2CC8BBA92877FBBEB5445563F850609
                                                                                                              SHA-256:57832D9E09658D6786B8C7FF5E23A9E5416EE5DDD67B53590B6C66252EEA3E79
                                                                                                              SHA-512:A4D4F7B8C29A789B727430AB32C52E4BC5A1C785B68A7058C7CB134266C660BF956F387FC3CA09FA6CBCD2734BE448FECFB6EEAB46F46640BC3A0E326B3A6936
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cAmRMUB327ksjWioJKS6RQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\lLV42Or.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.279084250471734
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0WnSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Ln+pAZewRDK4mW
                                                                                                              MD5:31D2006929394453D71820C5C3D3B23C
                                                                                                              SHA1:1CB3E206FF4A11576C389872C6D3B0F212602A19
                                                                                                              SHA-256:AEEFF43FFCBA282A3A54FD6CCAB09C274F662DB45FFB4C7C2E38E91D250899F8
                                                                                                              SHA-512:E3C475DED96FB2E0A9EDCD57B12149B5678F3A0C4CE58CD96FAC04217E48694BED6D0DF866965DC9DCD37D31ACA2DD05E1D8C95A0A2BBBAE434D55389C5B7EBD
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HtCWGXFwDJmJ3S_Dj9gG_Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\lMlVJAt.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.262220413453084
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0QSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                              MD5:412F494DC76E7AEC388E44F5CBF0443A
                                                                                                              SHA1:5FBB9FFD8F4840A3D9988ECD846F1D4151A38CD1
                                                                                                              SHA-256:4DA683A3F50B2380889A115250C51D0D963A94CC0D30274634D0475FD1959F9F
                                                                                                              SHA-512:69E85AC407A9E201A34C648B6F1DE252139F0ABF8AA670587926D373AC0B5F7A43469A216B4E566866EAFAFAF7F6B0C4EC176800D1261777FA4723C0FD11E90E
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hYuktXoaYtNV7PMRnIoOgA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\ll78onf.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.265658376979042
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+05wSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Aw+pAZewRDK4mW
                                                                                                              MD5:CB440C17DED9781EC6E650873733C799
                                                                                                              SHA1:6572F4D975AC231AB9FD84E0BBCED85AD96EA66F
                                                                                                              SHA-256:B69912558219DCFD470323B03908FB4EDA01088C2B9FB0F2F5F83F219F0012B8
                                                                                                              SHA-512:4E8D58E78BA02990B65FAB826651C186C6B9646C8CD1050853F81755263E0E69ECE81137926F8399B514A68705A023A471928A4324ED19609FA4113CFCA79A73
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="evljEDqg-NcOUcI4CYlHRw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\mSiZxJK.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.262142143087361
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0kADSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+gD+pAZewRDK4mW
                                                                                                              MD5:A9CB5670AC10778E75254497C7F179FF
                                                                                                              SHA1:3A2DB094230EA8E77CA6AD57F85C12938907E81C
                                                                                                              SHA-256:12140C4CE64407CF2A4D2504752B925CDFFA57249129D41D476AF125FBF08379
                                                                                                              SHA-512:051A7155E232F42283976AD3EA35EE6D0022A7CCF7ECC7C837836697EE9C4AE16A996BE10D890E5658D398926E4D73A42A89F2A0D209DBC0AFF7EF5364B420B6
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7HH6lK4db1Nsuc9KFOTxpA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\ndo7ofe.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.271060461270161
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0guSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+tu+pAZewRDK4mW
                                                                                                              MD5:5D2AF153D17F407194553D6961770555
                                                                                                              SHA1:498423C0AED043D11EFE21BD64D6A6F5B85E1B94
                                                                                                              SHA-256:FF906981A6AA255D722AA2FA63B61FF6BE1A52A6FE4ACE45ABD23177933C2B96
                                                                                                              SHA-512:9B32E1536A99406D4F68AAD9549A75D9A17D99A0AC1861D8932759D4AEB4FFDE42D065A7AE093D5AC8F578BFEC628EA39F6270FCB24DA934729E61635BCBE9F6
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="za6QlVWF46KDBkI4U2B5ig">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\nnx85ahz.xlsm

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:Microsoft Excel 2007+
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18387
                                                                                                              Entropy (8bit):7.523057953697544
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                              MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                              SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                              SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                              SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                              Malicious:false
                                                                                                              Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                              C:\Users\user\AppData\Local\Temp\nsg5xzV.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.253756976345242
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+00SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3+pAZewRDK4mW
                                                                                                              MD5:2D73CFFB723BF0039F9BE4C8D25C203D
                                                                                                              SHA1:B27953C3B17DAEF019999406F76DAC110D6163CC
                                                                                                              SHA-256:4AB175895F2BCB388CB4F21E4C0101765DA1A11F63B1FF56244EF077403644BB
                                                                                                              SHA-512:52506EFE5D90E9A8044B2C4AEF5C9191A09BFAE4BCA8730055D2C70FA1D19932D09830D259ED1C3169BCE5034CF06FBE1A25DFD5829C7A8E5FDA1F75EBEF53B0
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5EEe8zQ-RlLADmmkIyio0g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\p9FCQOl.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.25984933423205
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0i1zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+d+pAZewRDK4mW
                                                                                                              MD5:ACF89DE61E86951A190903532D87015D
                                                                                                              SHA1:78F0EE0CF8C300911060919B0ACAFBEE1AB6CACF
                                                                                                              SHA-256:2B664B8A760B18807E70F7811D49981B492E88687CC3178E886328707B98FD47
                                                                                                              SHA-512:A70BCC0674D583CB0EFA5ACC727B36C3581AC739E1A2CC2A251AA39A7D092E2E15B6C44AA7A31E988E954EDFEFDC0F3072484673A5787D799C65A077BD7863B2
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rrAc2YYvYelCe3NQiRwD8Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\pgN8XTA.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.267316069849067
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0Q/ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+zI+pAZewRDK4mW
                                                                                                              MD5:822B4D889F5F909B797D934E8AA78FA5
                                                                                                              SHA1:082AC9CC1DB0CBEDC6A9802F24CAF14CE1792232
                                                                                                              SHA-256:31AFEEE001FAC4BFB2CDD8BA0054EAF7E050669C1286B1E4D7EAC6A8AB8709C3
                                                                                                              SHA-512:E000EF3CD41EC0ECF1E6DF51466C44ED1D6AEDD101137B06E571C7FFD669CDB6209D0DA623241620483D8E67A1B274802F3D8C4620B6A685A19D467BC8601EEA
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Y7tPM6KBEs11hkawuYAUVw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\qIikfrd.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.261680214890145
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+00SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+b+pAZewRDK4mW
                                                                                                              MD5:0A1AAF72651BF63D9FF3C1649A83B62A
                                                                                                              SHA1:423F3BA91DE769C5E124FD320F262BAA32A74BBE
                                                                                                              SHA-256:5AA5AD872C83A7FFECFE68F161243FEBB9FB7DF784DD6123D2F9C62EDFD39E8E
                                                                                                              SHA-512:8A5E41DBBFE7149DD4EF38AC668200B3DC26732729C932A23EC8318174FB1F8A9D49BC9196CD15A1C3016CF57B4F5B045DE4D8B1C9BD2CB9B34E48C7DE7F7E64
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QbnZeLOB772dsQRI0kBz3g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\tgHtvA6.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.245952577965961
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0nFSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+++pAZewRDK4mW
                                                                                                              MD5:EC266B40733117C3250255A21F0DDB4B
                                                                                                              SHA1:3E923F0E7AB45D6BD8536C1E4724ECC6298E5D83
                                                                                                              SHA-256:81893C6617EFCC0C01B5C42E38927B15046BF896990B036461107C7996EC721B
                                                                                                              SHA-512:FF2BF59157A98FE83B484CC11568F614D226FF3E5D3C7B269DC7F48C0EFBC16F3028BE9057F9E282DBD112E777B670EA08CF640CE87A8C8B086698607190D40A
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Id2nltUzwbw4aNq1K4vFog">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\uSXoLj8.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.26519872012409
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0PSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+M+pAZewRDK4mW
                                                                                                              MD5:5BBB4D8472C4F939B2F34E76BF547196
                                                                                                              SHA1:ADF7BC26BAD9932A9FC31275FBEB57C9AB2B7AFB
                                                                                                              SHA-256:E4BFF2BE2F8D260A891F72EA8A6C4203C79B7E05118CAF45D07E4EACB6BF3DED
                                                                                                              SHA-512:B8A083035F40E3C7C66B9CFA43593161A013F8CF57FE9C2CBC1938B99033ACF5E6FD8D83066CE2BE19B4A74CE56BB9B6D6713F5F56F81AC2D7FB60C14A3ECC4D
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="N8vSB8uj4jUrKmke2UL3Fg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\vPlIr69.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.256500896465
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+036SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                                              MD5:6DA9C5494A63AC67FAE1F818876801DA
                                                                                                              SHA1:D9DD3A279058631308598CCA1F010304E7C9279A
                                                                                                              SHA-256:EDA1F4A8886A623BD350E0386D3500CC6F381D6E92641565D287A62AB5245EFA
                                                                                                              SHA-512:BB00E54FE939C1CD3EACE725132AEDFD215F745EE0B6EDFD89CF58611E83350F8FA8F30CDC12EF54203024FEDCF00F2373F2B9AA92766163CC7A06368C3B0BBD
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="la4eIqXKzbiDXwXRpxt1fQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\w61SFIm.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.256190969524197
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0wSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n+pAZewRDK4mW
                                                                                                              MD5:2F07918F80EB5DE5C89D64450242A55C
                                                                                                              SHA1:3C70AE6FA3E898A284BBA77C5ADBD01E18BD662B
                                                                                                              SHA-256:A9C6D03859424410D1D0C051B9F9B37A1FB9CBAB13E59B8F0F22582686DFA0BE
                                                                                                              SHA-512:90DA9C14CB9B6B6A25E051F45129F22FE2DD1F89A1FF94CDF4F5EF511D562D9D8B1E3A01C2BCCF773BC78CFBF9AFB2F333DB7438C3D89D237A45A2AAE0E2A08E
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dZpK24mWql4bRCH1rb5Yxw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\wL2Etb4.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.255276053880038
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0BMZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++m+pAZewRDK4mW
                                                                                                              MD5:FC1500257E788163A30F70AE0D30E00F
                                                                                                              SHA1:A1681417BD72EE9C00F17060B6410696F1DD8183
                                                                                                              SHA-256:A01CB4C3CC79DADF740149D415F7B10FA83B2D62C8598650E18B26708093C601
                                                                                                              SHA-512:7E315B395B14E4F1BAD35F4E118317DAB8F18E2868A26C4C08935CBF6C32D9CB6928C676B1F13FB68CB22C3C8355EB91F5E2F6BB7264E7CDE3AE25B513957CAC
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6uHkpTGgPonhF2xQgfYwmA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\xPj1j9L.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.271685768371368
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0GqD3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+YD3+pAZewRDK4mW
                                                                                                              MD5:B616AD8BE03E4190179A836237F3C6B1
                                                                                                              SHA1:91AD7E1C46C5D1843608EF9CE58BC3C5C4EEFD99
                                                                                                              SHA-256:DE3D44AA1B91BDCE78EB77E40124B8636AFDAC64BAF9352C9D4418AA33A3C9B6
                                                                                                              SHA-512:644DCAB19DF94E77461A763669ADAC9044827B465B5B5ACFD9FE15F4B775AF500A44A0F9CD1137A3FED796B81C2C33871AC970DEB615CF2F3F162DC830777137
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5C9CqmkUdXR3DjD9u1ysIA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\yRxtgA5.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.266639867479288
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+0xSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i+pAZewRDK4mW
                                                                                                              MD5:01451F5BE8C93B7AC689394185AE386B
                                                                                                              SHA1:25D9CBB3FE0F014003E1250120571D59B06E5D45
                                                                                                              SHA-256:F618432600B96DC655BB60D1535482124B2DA874A672285DC2D0F2E32DBDCDBF
                                                                                                              SHA-512:A2A32091DFE81F08850AC8566EC7B4EEBB8E7B39C13CF8487FE78FEB96A171CCA02A679F1DD4C6FE038F05524F41B49D71DF8AEE23B6EE028C9D8B416986E5CE
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="G6jyoLwLxkdZed26BJ-CQA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\yUZRKYv.ini

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1652
                                                                                                              Entropy (8bit):5.261320814375079
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GgsF+04oJSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+GJ+pAZewRDK4mW
                                                                                                              MD5:1074A58CC678F744A1720B1EEEA23FB4
                                                                                                              SHA1:391C6F2B8C44567CC64DB30C109C04101A42479D
                                                                                                              SHA-256:D9F0AC55BEF5E96B969A062AA8A8793E2A61F3CB77A5C615F3D569417C474055
                                                                                                              SHA-512:6EC0D087E2A99D35A1FD3F65429AF487F48DEB256175DF55310AE9A4F405AD833FF163EF31438BBA707C24D20E659829D49A7C06217807DB8C9AECD6B44D3B9E
                                                                                                              Malicious:false
                                                                                                              Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="G9Zq2tutQBMoIvHZcQakow">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                              C:\Users\user\AppData\Local\Temp\~$nnx85ahz.xlsm

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):165
                                                                                                              Entropy (8bit):1.5231029153786204
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:sYp5lFltt:sYp5Nv
                                                                                                              MD5:B77267835A6BEAC785C351BDE8E1A61C
                                                                                                              SHA1:FABD93A92989535D43233E3DB9C6579D8174740E
                                                                                                              SHA-256:3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3
                                                                                                              SHA-512:FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033
                                                                                                              Malicious:false
                                                                                                              Preview:.user ..a.l.f.o.n.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                              C:\Users\user\AppData\Local\Temp\~DFDCD4F54ECC155DD9.TMP

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                              Category:dropped
                                                                                                              Size (bytes):32768
                                                                                                              Entropy (8bit):3.746897789531007
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                              MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                              SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                              SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                              SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                              Malicious:false
                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\Desktop\._cache_file.exe

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5073240
                                                                                                              Entropy (8bit):7.998813387067771
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:98304:RuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOR72HgQo0z:I7wq1W6HqULS8djZDTaNNeCKVP5ORsg0
                                                                                                              MD5:B88228D5FEF4B6DC019D69D4471F23EC
                                                                                                              SHA1:372D9C1670343D3FB252209BA210D4DC4D67D358
                                                                                                              SHA-256:8162B2D665CA52884507EDE19549E99939CE4EA4A638C537FA653539819138C8
                                                                                                              SHA-512:CDD218D211A687DDE519719553748F3FB36D4AC618670986A6DADB4C45B34A9C6262BA7BAB243A242F91D867B041721F22330170A74D4D0B2C354AEC999DBFF8
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#pA.B...B...B..gM...B...B...B..gMC..B..gMA..B..gM@..B..gMD..B..Rich.B..........................PE..L....jkG.............................c... ........... ..............................hzM.......... ...................................................RM.X........... "...............................&..@............ ...............................text........ ...................... ..`.data...............................@....rsrc.............L.................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\Users\user\Documents\BJZFPPWAPT.xlsm

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:Microsoft Excel 2007+
                                                                                                              Category:dropped
                                                                                                              Size (bytes):18387
                                                                                                              Entropy (8bit):7.523057953697544
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                              MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                              SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                              SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                              SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                              Malicious:false
                                                                                                              Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                              C:\Users\user\Documents\~$BJZFPPWAPT.xlsx

                                                                                                              Download File
                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):165
                                                                                                              Entropy (8bit):1.5231029153786204
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:sYp5lFltt:sYp5Nv
                                                                                                              MD5:B77267835A6BEAC785C351BDE8E1A61C
                                                                                                              SHA1:FABD93A92989535D43233E3DB9C6579D8174740E
                                                                                                              SHA-256:3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3
                                                                                                              SHA-512:FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033
                                                                                                              Malicious:false
                                                                                                              Preview:.user ..a.l.f.o.n.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                              C:\Users\user\Documents\~$cache1

                                                                                                              Download File
                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):771584
                                                                                                              Entropy (8bit):6.6264053582391735
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IIr:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                                              MD5:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                                              SHA1:B48603F6A1DFFAB2FF458780025F6A3C2E523C3C
                                                                                                              SHA-256:1316730BBC50851C02F53254F9C57B99AF50A07BB0776332D1480BABD626F39A
                                                                                                              SHA-512:38334452808E5D203B287E2F4A47B8F5BBCE1ED18FABCFA4A61B8C04429150DFBFFE2241323B3C87D90ABBABBED49A5CEA584CC1CE83BF519BB728E1D6AC18EB
                                                                                                              Malicious:true
                                                                                                              Yara Hits:
                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 94%
                                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                              C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                              Download File
                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1835008
                                                                                                              Entropy (8bit):4.421769894159647
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:OSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNT0uhiTw:tvloTMW+EZMM6DFyp03w
                                                                                                              MD5:BCE3F83733593FBFC224D12FA95888B9
                                                                                                              SHA1:5238077900D6ED2BA72BA99BCE03BA797DEB713D
                                                                                                              SHA-256:324A20AC5971BDAE37D62B282F4E040CB413315FFF902DED210CA7759C9A2E87
                                                                                                              SHA-512:E9257A7468C8EAC332100A54B8BC620250E5E8A102149E1EFA0D5F449E3BF7360CF6F3EFCD2B1997800CE97614DFD0E06D04CF8AB824890C1EDCDBF99C985220
                                                                                                              Malicious:false
                                                                                                              Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm*]..M]................................................................................................................................................................................................................................................................................................................................................"........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Entropy (8bit):7.938941354909632
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 93.21%
                                                                                                              • Win32 Executable Borland Delphi 7 (665061/41) 6.20%
                                                                                                              • InstallShield setup (43055/19) 0.40%
                                                                                                              • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                              File name:file.exe
                                                                                                              File size:5'844'992 bytes
                                                                                                              MD5:0c5dc3d854163db3f05e69da8c482963
                                                                                                              SHA1:848e0dbd6b93c57b4178c5427f937c2826f888a1
                                                                                                              SHA256:d9208fb65a6bd0364e830e1ff3689b07724d34dca35f5e9cd0c457278675eb59
                                                                                                              SHA512:29414dc97fd959afe6dd6b41c4fef64942c19181b423549fd6f326ed0ca6466049449a3141965eb133defa2a714321ff34793e66ea57d5643e34f07fd9b41909
                                                                                                              SSDEEP:98304:Rnsmtk2aIuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOb:tLK7wq1W6HqULS8djZDTaNNeCKVP5ORV
                                                                                                              TLSH:64462322F2D18077D1332A3D9D6BA3A95829BE502F38794A77F42D8C5F7E38129152D3
                                                                                                              File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                              File Icon

                                                                                                              Icon Hash:878fd7f3b9353593

                                                                                                              Static PE Info

                                                                                                              General

                                                                                                              Entrypoint:0x49ab80
                                                                                                              Entrypoint Section:CODE
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                              DLL Characteristics:
                                                                                                              Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:332f7ce65ead0adfb3d35147033aabe9

                                                                                                              Entrypoint Preview

                                                                                                              Instruction
                                                                                                              push ebp
                                                                                                              mov ebp, esp
                                                                                                              add esp, FFFFFFF0h
                                                                                                              mov eax, 0049A778h
                                                                                                              call 00007FBA34E62FDDh
                                                                                                              mov eax, dword ptr [0049DBCCh]
                                                                                                              mov eax, dword ptr [eax]
                                                                                                              call 00007FBA34EB6925h
                                                                                                              mov eax, dword ptr [0049DBCCh]
                                                                                                              mov eax, dword ptr [eax]
                                                                                                              mov edx, 0049ABE0h
                                                                                                              call 00007FBA34EB6524h
                                                                                                              mov ecx, dword ptr [0049DBDCh]
                                                                                                              mov eax, dword ptr [0049DBCCh]
                                                                                                              mov eax, dword ptr [eax]
                                                                                                              mov edx, dword ptr [00496590h]
                                                                                                              call 00007FBA34EB6914h
                                                                                                              mov eax, dword ptr [0049DBCCh]
                                                                                                              mov eax, dword ptr [eax]
                                                                                                              call 00007FBA34EB6988h
                                                                                                              call 00007FBA34E60ABBh
                                                                                                              add byte ptr [eax], al

                                                                                                              Data Directories

                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xa00000x2a42.idata
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xb00000x4e8688.rsrc
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xa50000xa980.reloc
                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0xa40180x21.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0xa40000x18.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                              Sections

                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                              CODE0x10000x99bec0x99c0033fbe30e8a64654287edd1bf05ae7c8cFalse0.5141641260162602data6.572957870355296IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                              DATA0x9b0000x2e540x30001f5e19e7d20c1d128443d738ac7bc610False0.453125data4.854620797809023IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                              BSS0x9e0000x11e50x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                              .idata0xa00000x2a420x2c0021ff53180b390dc06e3a1adf0e57a073False0.3537819602272727data4.919333216027082IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                              .tls0xa30000x100x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                              .rdata0xa40000x390x200a92cf494c617731a527994013429ad97False0.119140625MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J"0.7846201577093705IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                              .reloc0xa50000xa9800xaa00dcd1b1c3f3d28d444920211170d1e8e6False0.5899816176470588data6.674124985579511IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                              .rsrc0xb00000x4e86880x4e880065a65a983190b4447f0702dac92b3f83unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

                                                                                                              Resources

                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                              RT_CURSOR0xb0dc80x134Targa image data - Map 64 x 65536 x 1 +32 "\001"0.38636363636363635
                                                                                                              RT_CURSOR0xb0efc0x134data0.4642857142857143
                                                                                                              RT_CURSOR0xb10300x134data0.4805194805194805
                                                                                                              RT_CURSOR0xb11640x134data0.38311688311688313
                                                                                                              RT_CURSOR0xb12980x134data0.36038961038961037
                                                                                                              RT_CURSOR0xb13cc0x134data0.4090909090909091
                                                                                                              RT_CURSOR0xb15000x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"0.4967532467532468
                                                                                                              RT_BITMAP0xb16340x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.43103448275862066
                                                                                                              RT_BITMAP0xb18040x1e4Device independent bitmap graphic, 36 x 19 x 4, image size 3800.46487603305785125
                                                                                                              RT_BITMAP0xb19e80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.43103448275862066
                                                                                                              RT_BITMAP0xb1bb80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.39870689655172414
                                                                                                              RT_BITMAP0xb1d880x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.4245689655172414
                                                                                                              RT_BITMAP0xb1f580x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.5021551724137931
                                                                                                              RT_BITMAP0xb21280x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.5064655172413793
                                                                                                              RT_BITMAP0xb22f80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.39655172413793105
                                                                                                              RT_BITMAP0xb24c80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.5344827586206896
                                                                                                              RT_BITMAP0xb26980x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.39655172413793105
                                                                                                              RT_BITMAP0xb28680xe8Device independent bitmap graphic, 16 x 16 x 4, image size 1280.4870689655172414
                                                                                                              RT_ICON0xb29500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.07223264540337711
                                                                                                              RT_ICON0xb39f80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 8192TurkishTurkey0.2101313320825516
                                                                                                              RT_DIALOG0xb4aa00x52data0.7682926829268293
                                                                                                              RT_STRING0xb4af40x358data0.3796728971962617
                                                                                                              RT_STRING0xb4e4c0x428data0.37406015037593987
                                                                                                              RT_STRING0xb52740x3a4data0.40879828326180256
                                                                                                              RT_STRING0xb56180x3bcdata0.33472803347280333
                                                                                                              RT_STRING0xb59d40x2d4data0.4654696132596685
                                                                                                              RT_STRING0xb5ca80x334data0.42804878048780487
                                                                                                              RT_STRING0xb5fdc0x42cdata0.42602996254681647
                                                                                                              RT_STRING0xb64080x1f0data0.4213709677419355
                                                                                                              RT_STRING0xb65f80x1c0data0.44419642857142855
                                                                                                              RT_STRING0xb67b80xdcdata0.6
                                                                                                              RT_STRING0xb68940x320data0.45125
                                                                                                              RT_STRING0xb6bb40xd8data0.5879629629629629
                                                                                                              RT_STRING0xb6c8c0x118data0.5678571428571428
                                                                                                              RT_STRING0xb6da40x268data0.4707792207792208
                                                                                                              RT_STRING0xb700c0x3f8data0.37598425196850394
                                                                                                              RT_STRING0xb74040x378data0.41103603603603606
                                                                                                              RT_STRING0xb777c0x380data0.35379464285714285
                                                                                                              RT_STRING0xb7afc0x374data0.4061085972850679
                                                                                                              RT_STRING0xb7e700xe0data0.5535714285714286
                                                                                                              RT_STRING0xb7f500xbcdata0.526595744680851
                                                                                                              RT_STRING0xb800c0x368data0.40940366972477066
                                                                                                              RT_STRING0xb83740x3fcdata0.34901960784313724
                                                                                                              RT_STRING0xb87700x2fcdata0.36649214659685864
                                                                                                              RT_STRING0xb8a6c0x354data0.31572769953051644
                                                                                                              RT_RCDATA0xb8dc00x44data0.8676470588235294
                                                                                                              RT_RCDATA0xb8e040x10data1.5
                                                                                                              RT_RCDATA0xb8e140x4d6958PE32 executable (GUI) Intel 80386, for MS Windows0.9793319702148438
                                                                                                              RT_RCDATA0x58f76c0x3ASCII text, with no line terminatorsTurkishTurkey3.6666666666666665
                                                                                                              RT_RCDATA0x58f7700x3c00PE32 executable (DLL) (GUI) Intel 80386, for MS WindowsTurkishTurkey0.54296875
                                                                                                              RT_RCDATA0x5933700x64cdata0.5998759305210918
                                                                                                              RT_RCDATA0x5939bc0x153Delphi compiled form 'TFormVir'0.7522123893805309
                                                                                                              RT_RCDATA0x593b100x47d3Microsoft Excel 2007+TurkishTurkey0.8675150921846957
                                                                                                              RT_GROUP_CURSOR0x5982e40x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                                              RT_GROUP_CURSOR0x5982f80x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                                              RT_GROUP_CURSOR0x59830c0x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                              RT_GROUP_CURSOR0x5983200x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                              RT_GROUP_CURSOR0x5983340x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                              RT_GROUP_CURSOR0x5983480x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                              RT_GROUP_CURSOR0x59835c0x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                              RT_GROUP_ICON0x5983700x14dataTurkishTurkey1.1
                                                                                                              RT_VERSION0x5983840x304dataTurkishTurkey0.42875647668393785

                                                                                                              Imports

                                                                                                              DLLImport
                                                                                                              kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
                                                                                                              user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                                                                                              advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                                                              oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                                              kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                                                                                              advapi32.dllRegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
                                                                                                              kernel32.dlllstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
                                                                                                              version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                                                                                              gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
                                                                                                              user32.dllCreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                                                              ole32.dllCLSIDFromString
                                                                                                              kernel32.dllSleep
                                                                                                              oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                                                                                              ole32.dllCLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
                                                                                                              oleaut32.dllGetErrorInfo, SysFreeString
                                                                                                              comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                                                              shell32.dllShellExecuteExA, ExtractIconExW
                                                                                                              wininet.dllInternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
                                                                                                              shell32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
                                                                                                              advapi32.dllOpenSCManagerA, CloseServiceHandle
                                                                                                              wsock32.dllWSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
                                                                                                              netapi32.dllNetbios

                                                                                                              Possible Origin

                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                              TurkishTurkey

                                                                                                              Network Behavior

                                                                                                              Suricata IDS Alerts

                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                              2025-01-02T20:31:45.930913+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549709142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:45.941615+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549710142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:46.312424+01002832617ETPRO MALWARE W32.Bloat-A Checkin1192.168.2.54971369.42.215.25280TCP
                                                                                                              2025-01-02T20:31:46.970844+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549715142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:47.067354+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549714142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:48.000755+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549719142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:48.372196+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549720142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:49.047902+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549725142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:49.544592+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549726142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:50.797021+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549739142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:50.811904+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549740142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:51.820370+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549744142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:51.832213+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549746142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:52.925238+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549749142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:53.097090+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549748142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:53.767271+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549755142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:54.152575+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549757142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:54.790036+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549763142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:55.246917+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549770142.250.185.174443TCP
                                                                                                              2025-01-02T20:31:55.853847+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.549777142.250.185.174443TCP

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Jan 2, 2025 20:31:44.806067944 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:44.806117058 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:44.806236029 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:44.818998098 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:44.819014072 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:44.831698895 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:44.831731081 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:44.831815958 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:44.832060099 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:44.832070112 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.558376074 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.558473110 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.559160948 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.559250116 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.560765028 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.560828924 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.561687946 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.561752081 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.639297962 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.639327049 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.639767885 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.639827013 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.640513897 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.640532970 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.640995979 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.641097069 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.642925978 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.643069983 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.683331966 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.683361053 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.687094927 CET4971380192.168.2.569.42.215.252
                                                                                                              Jan 2, 2025 20:31:45.691874027 CET804971369.42.215.252192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.691946983 CET4971380192.168.2.569.42.215.252
                                                                                                              Jan 2, 2025 20:31:45.692130089 CET4971380192.168.2.569.42.215.252
                                                                                                              Jan 2, 2025 20:31:45.696887970 CET804971369.42.215.252192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.930924892 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.931014061 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.931046009 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.931883097 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.932005882 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.936373949 CET49709443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.936392069 CET44349709142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.937593937 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.937650919 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.937860012 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.941536903 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.941562891 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.941586971 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.942122936 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.942141056 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.942558050 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.942630053 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.942679882 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.942728996 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.944155931 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.944755077 CET49715443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.944763899 CET49710443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.944777012 CET44349710142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.944798946 CET44349715142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.944884062 CET49715443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.949477911 CET49715443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:45.949496984 CET44349715142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.972276926 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:45.972317934 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.972652912 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:45.972695112 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.972717047 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:45.972898960 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:45.973169088 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:45.973171949 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:45.973185062 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.973187923 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.312208891 CET804971369.42.215.252192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.312423944 CET4971380192.168.2.569.42.215.252
                                                                                                              Jan 2, 2025 20:31:46.578927040 CET44349715142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.579315901 CET49715443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.580035925 CET49715443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.580045938 CET44349715142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.580497026 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.580574036 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.582596064 CET49715443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.582602978 CET44349715142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.585614920 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.585614920 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.585623026 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.585637093 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.611634970 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.612083912 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:46.613780975 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.613939047 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:46.633311033 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:46.633330107 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.633630037 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.633781910 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:46.636733055 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:46.636742115 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:46.636765957 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.637121916 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.637247086 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:46.637516975 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:46.679339886 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.683337927 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.970822096 CET44349715142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.970937967 CET49715443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.971060991 CET49715443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.971112967 CET44349715142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.971179962 CET49715443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.971981049 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.972026110 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:46.972100973 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.972292900 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:46.972306013 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.036345959 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.036396027 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.036437035 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.036468983 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.036689043 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.036689043 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.036830902 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.036880970 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.036900997 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.036948919 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.067365885 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.067446947 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.067460060 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.067509890 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.068413019 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.068460941 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.068504095 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.068504095 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.196482897 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.196541071 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.196726084 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.196726084 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.196764946 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.196841955 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.200087070 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.200149059 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.200172901 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.200206041 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.318419933 CET49714443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.318447113 CET44349714142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.318814993 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.318862915 CET44349720142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.319005013 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.319116116 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.319125891 CET44349720142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.329843044 CET49716443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.329869986 CET44349716142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.331049919 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.331104040 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.331162930 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.331403971 CET49717443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.331413984 CET44349717142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.332019091 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.332036018 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.332252979 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.332285881 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.332350016 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.332645893 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.332658052 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.613289118 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.613373995 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.614070892 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.614121914 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.618382931 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.618395090 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.618654966 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.618704081 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.619138002 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.659341097 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.961927891 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.961999893 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.962574959 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.962590933 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.965827942 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.965835094 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.975235939 CET44349720142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.975328922 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.976085901 CET44349720142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.976154089 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.987416029 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.987643957 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.987938881 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.987946033 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.988219023 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.988234997 CET44349720142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.988485098 CET44349720142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:47.988600969 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.988998890 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:47.989823103 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:47.989829063 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.000773907 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.000828028 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.000837088 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.000875950 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.001089096 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.001142025 CET44349719142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.001194000 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.001223087 CET49719443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.001970053 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.002012014 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.002070904 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.002284050 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.002299070 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.031336069 CET44349720142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.372200966 CET44349720142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.372311115 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.372392893 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.372433901 CET44349720142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.372515917 CET49720443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.373311996 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.373351097 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.373747110 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.373975039 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.374000072 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.387811899 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.387856007 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.387892008 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.387892008 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.387919903 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.387968063 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.387973070 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.388017893 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.388727903 CET49721443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.388740063 CET44349721142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.389324903 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.389358044 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.390539885 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.390855074 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.390875101 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.542762041 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.542828083 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.542854071 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.542910099 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.542934895 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.542968035 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.543056011 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.543704987 CET49722443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.543746948 CET44349722142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.544147015 CET49729443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.544171095 CET44349729142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.544270039 CET49729443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.544461966 CET49729443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:48.544476986 CET44349729142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.648905039 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.649024010 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.649693012 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.649749994 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.653569937 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.653582096 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.653822899 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:48.653889894 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.654227972 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:48.699333906 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.020708084 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.020874023 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.021465063 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.021527052 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.033071041 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.033098936 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.033360004 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.033426046 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.033793926 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.039030075 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.039088011 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.039345980 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.039351940 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.039496899 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.039501905 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.047909975 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.048099041 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.048160076 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.048255920 CET49725443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.048274040 CET44349725142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.048726082 CET49732443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.048774004 CET44349732142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.048917055 CET49732443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.049206018 CET49732443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.049227953 CET44349732142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.075335979 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.192986965 CET44349729142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.193042994 CET49729443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.193439007 CET49729443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.193447113 CET44349729142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.193625927 CET49729443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.193630934 CET44349729142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.544563055 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.544639111 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.544658899 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.544755936 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.544785023 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.544838905 CET44349726142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.544914007 CET49726443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.545326948 CET49736443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.545363903 CET44349736142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.545443058 CET49736443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.545834064 CET49736443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.545846939 CET44349736142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.591404915 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.591449022 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.591501951 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.591512918 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.591553926 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.591559887 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.591593981 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.592219114 CET49727443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.592231989 CET44349727142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.592880964 CET49737443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.592916965 CET44349737142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.592978001 CET49737443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.593185902 CET49737443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.593200922 CET44349737142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.642790079 CET49732443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.642877102 CET49729443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.643147945 CET49736443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.643387079 CET49737443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.644783974 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.644793987 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.644998074 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.763652086 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.763680935 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.763742924 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.763835907 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.763865948 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.764015913 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.764309883 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:49.764328003 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.764616013 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.764631033 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:49.766395092 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:49.766408920 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.396677017 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.396869898 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.397468090 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.397531033 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.403642893 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.403755903 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.422916889 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.422945976 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.423233032 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.423302889 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.423495054 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.423549891 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.423888922 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.424465895 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.424511909 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.432167053 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.432180882 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.432465076 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.432529926 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.432919025 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.466531038 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.466545105 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.466859102 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.467080116 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.467483044 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.471339941 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.475336075 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.515321970 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.797025919 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.797204971 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.797231913 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.797282934 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.797319889 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.797355890 CET44349739142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.797408104 CET49739443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.797908068 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.797935963 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.797940016 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.797957897 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.798032045 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.798218012 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.798218012 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.798247099 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.798266888 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.798271894 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.811918974 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.811975002 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.811985970 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.812031984 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.812100887 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.812138081 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.812261105 CET44349740142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.812330961 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.812345982 CET49740443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.812562943 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.812578917 CET44349746142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.812645912 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.812853098 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:50.812858105 CET44349746142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.827752113 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.827817917 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.827831984 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.827847958 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.827891111 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.827928066 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.827994108 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.828488111 CET49738443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.828499079 CET44349738142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.828912973 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.828934908 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:50.829236031 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.829236031 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:50.829257011 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.427217007 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.429488897 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.430344105 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.431080103 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.431118011 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.431152105 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.432929993 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.433943033 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.433958054 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.434346914 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.434351921 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.435653925 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.435669899 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.435897112 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.436041117 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.436470032 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.441467047 CET44349746142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.441554070 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.442222118 CET44349746142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.442300081 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.443628073 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.443634987 CET44349746142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.443888903 CET44349746142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.444000959 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.444350958 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.466358900 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.466608047 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.466919899 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.466919899 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.466927052 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.466939926 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.483346939 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.491334915 CET44349746142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.820317030 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.820439100 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.820472002 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.820952892 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.821194887 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.821258068 CET44349744142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.821410894 CET49744443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.822726011 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.822768927 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.825786114 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.826097012 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.826112032 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.832211971 CET44349746142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.832335949 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.832413912 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.832448959 CET44349746142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.832519054 CET49746443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.833137989 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.833180904 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.833328962 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.833914042 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:51.833936930 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.841470003 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.841521025 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.841612101 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.841631889 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.841645002 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.841680050 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.841708899 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.842170000 CET49745443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.842181921 CET44349745142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.842642069 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.842678070 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.842742920 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.843074083 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.843086958 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.997773886 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.997827053 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.997884035 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.997899055 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.997945070 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.997948885 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.997960091 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.998011112 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.998011112 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.998814106 CET49747443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.998826981 CET44349747142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:51.999602079 CET49751443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:51.999645948 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.000272036 CET49751443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.000519991 CET49751443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.000536919 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.466073990 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.466157913 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.466834068 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.466898918 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.478173971 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.478264093 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.489386082 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.489409924 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.489758968 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.489890099 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.490309954 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.490552902 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.490566969 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.493581057 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.493591070 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.535332918 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.545111895 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.545207977 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.545861006 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.545945883 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.547597885 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.547624111 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.547863007 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.547976971 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.548387051 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.595339060 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.671708107 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.671859980 CET49751443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.672247887 CET49751443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.672255039 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.672440052 CET49751443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.672446012 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.925235987 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.925296068 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.925316095 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.925359964 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.925491095 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.925534010 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.925556898 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.925580025 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.926460981 CET49749443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.926492929 CET44349749142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.927100897 CET49755443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.927150011 CET44349755142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.927383900 CET49755443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.927594900 CET49755443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:52.927606106 CET44349755142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.990272999 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.990331888 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.990411997 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.990447044 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.990458965 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.990461111 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.990533113 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.991986990 CET49750443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.992005110 CET44349750142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.993155003 CET49756443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.993195057 CET44349756142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.993282080 CET49756443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.993947983 CET49756443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:52.993959904 CET44349756142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.097100019 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.097606897 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.097953081 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.098001957 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.098028898 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.098072052 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.099450111 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.099450111 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.099473953 CET44349748142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.099555016 CET49748443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.100713015 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.100766897 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.101464987 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.102375031 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.102399111 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.225662947 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.225709915 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.225776911 CET49751443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.225795984 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.225821018 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.225863934 CET49751443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.227128029 CET49751443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.227143049 CET44349751142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.228499889 CET49761443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.228538036 CET44349761142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.228606939 CET49761443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.228856087 CET49761443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.228868008 CET44349761142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.616449118 CET44349755142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.616605043 CET49755443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.617203951 CET49755443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.617214918 CET44349755142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.617512941 CET49755443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.617517948 CET44349755142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.651495934 CET44349756142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.651681900 CET49756443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.652262926 CET49756443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.652275085 CET44349756142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.652477026 CET49756443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.652482986 CET44349756142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.761879921 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.761959076 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.762494087 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.762506962 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.762701035 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.762707949 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.766818047 CET49761443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.766917944 CET49755443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.766942978 CET49756443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:53.770174026 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.770211935 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:53.770760059 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.771574974 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:53.771590948 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.152573109 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.152637959 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.152669907 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.152724981 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.153342962 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.153393030 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.153397083 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.153562069 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.154831886 CET49757443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.154849052 CET44349757142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.155668020 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.155714989 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.155951977 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.156297922 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.156343937 CET44349770142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.156428099 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.191807985 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.191833973 CET44349770142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.192688942 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.192706108 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.402538061 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.402657986 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.405293941 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.405302048 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.423203945 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.423209906 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.790071964 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.790188074 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.790195942 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.790255070 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.791683912 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.791728973 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.791838884 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.795576096 CET49763443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.795584917 CET44349763142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.796571970 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.796581030 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.796922922 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.796927929 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.796973944 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.797025919 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.797285080 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.797295094 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.797472000 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.797492027 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.851475000 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.851558924 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.853903055 CET44349770142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.853995085 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.894610882 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.894623995 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.894879103 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.894915104 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.894933939 CET44349770142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.894953012 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.895096064 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:54.895101070 CET44349770142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:54.895328045 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:54.943336964 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.246942997 CET44349770142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.247014046 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.247039080 CET44349770142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.247123957 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.247226954 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.247266054 CET44349770142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.247334957 CET49770443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.248073101 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.248100996 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.248168945 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.248415947 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.248430014 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.285712957 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.285769939 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.285831928 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.285861015 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.286118031 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.286789894 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.286829948 CET44349769142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.286894083 CET49769443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.287712097 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.287755013 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.287895918 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.288249969 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.288265944 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.426361084 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.426444054 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.428195953 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.428204060 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.428463936 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.428564072 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.429023027 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.444348097 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.444427967 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.445111990 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.445182085 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.446963072 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.446975946 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.447216034 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.447272062 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.447665930 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.471339941 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.495327950 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.853852034 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.853931904 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.853959084 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.854007959 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.854022026 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.854100943 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.854408979 CET49777443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.854434013 CET44349777142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.855638981 CET49786443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.855681896 CET44349786142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.855783939 CET49786443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.856087923 CET49786443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.856101036 CET44349786142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.864701033 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.864769936 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.864784956 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.864810944 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.864835978 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.864861965 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.865406036 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.865449905 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.865457058 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.865499020 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.870194912 CET49776443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.870209932 CET44349776142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.871339083 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.871383905 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.871464014 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.871691942 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:55.871702909 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.990160942 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.990302086 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:55.990931034 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:55.991012096 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.012449026 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.012586117 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.135993958 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.136027098 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.136379004 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.136466980 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.139604092 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.139637947 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.139976025 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.140352964 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.141026020 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.162374020 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.187341928 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.203330994 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.463500023 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.463572979 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.463589907 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.463649035 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.463769913 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.463808060 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.463951111 CET44349779142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.463965893 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.463999033 CET49779443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.464639902 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.464696884 CET44349792142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.464782000 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.465197086 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.465209961 CET44349792142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.478296041 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.478343964 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.478379965 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.478379965 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.478458881 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.478512049 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.478812933 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.478863955 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.478869915 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.478924990 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.479351997 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.479351997 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.479382038 CET44349780142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.479553938 CET49780443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.479959011 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.479975939 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.480108023 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.480395079 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.480410099 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.502052069 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.502327919 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.502763987 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.502769947 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.503046989 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.503051043 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.503762960 CET44349786142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.503822088 CET49786443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.504348993 CET49786443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.504358053 CET44349786142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.506752968 CET49786443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.506757975 CET44349786142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.896601915 CET44349786142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.896655083 CET49786443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.896800041 CET49786443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.896833897 CET44349786142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.896891117 CET49786443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.897675037 CET49796443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.897720098 CET44349796142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.897804976 CET49796443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.898098946 CET49796443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:56.898113966 CET44349796142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.923120975 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.923175097 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.923196077 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.923227072 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.923242092 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.923275948 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.923280001 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.923307896 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.923361063 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.925116062 CET49787443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.925132036 CET44349787142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.926049948 CET49797443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.926098108 CET44349797142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:56.926225901 CET49797443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.926630974 CET49797443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:56.926647902 CET44349797142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.096031904 CET44349792142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.096110106 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.096812010 CET44349792142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.096858978 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.104484081 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.104562998 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.123076916 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.123106956 CET44349792142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.123333931 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.123347044 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.123353958 CET44349792142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.123409986 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.124450922 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.125276089 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.125282049 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.171340942 CET44349792142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.476608038 CET44349792142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.476695061 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.476886034 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.476921082 CET44349792142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.476999998 CET49792443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.477646112 CET49801443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.477699041 CET44349801142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.477798939 CET49801443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.478178024 CET49801443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.478194952 CET44349801142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.526890993 CET44349796142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.526978970 CET49796443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.527703047 CET44349796142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.527775049 CET49796443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.529721022 CET49796443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.529741049 CET44349796142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.530004025 CET44349796142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.530076027 CET49796443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.530548096 CET49796443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.536045074 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.536091089 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.536118031 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.536154032 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.536165953 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.536205053 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.536211014 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.536218882 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.536273956 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.537070036 CET49793443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.537086964 CET44349793142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.537609100 CET49802443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.537647963 CET44349802142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.537728071 CET49802443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.537966013 CET49802443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.537977934 CET44349802142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.571333885 CET44349796142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.573204994 CET44349797142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.573280096 CET49797443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.573800087 CET49797443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.573807001 CET44349797142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.574008942 CET49797443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.574018002 CET44349797142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.767035007 CET49801443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.767124891 CET49796443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.767148972 CET49802443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.767163992 CET49797443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:57.767776966 CET49804443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.767831087 CET44349804142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.767914057 CET49804443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.768002033 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.768042088 CET44349805142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.768096924 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.768471956 CET49804443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.768486977 CET44349804142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:57.769092083 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:57.769100904 CET44349805142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.404871941 CET44349804142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.404953003 CET49804443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.415457010 CET44349805142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.415519953 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.522026062 CET49804443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.522053003 CET44349804142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.583044052 CET49804443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.583055019 CET44349804142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.583827972 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.583846092 CET44349805142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.584124088 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.584131002 CET44349805142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.873171091 CET44349804142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.873235941 CET49804443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.873380899 CET49804443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.873420000 CET44349804142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.873471022 CET49804443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.874660015 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.874702930 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.874771118 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.875117064 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.875133991 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.878390074 CET44349805142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.878448963 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.878462076 CET44349805142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.878504038 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.878720999 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.878760099 CET44349805142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.878813028 CET49805443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.879283905 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.879326105 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.879384041 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.880053043 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:58.880064964 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.880542994 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:58.880569935 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.880618095 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:58.881058931 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:58.881077051 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.881587029 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:58.881603956 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.881659031 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:58.881946087 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:58.881957054 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.599623919 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.599698067 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.600378990 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.600470066 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.602668047 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.602680922 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.602919102 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.603003025 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.603420973 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.615528107 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.615603924 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:59.619030952 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:59.619045019 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.619349957 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.619411945 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:59.619839907 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:59.620618105 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.620701075 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.621356964 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.621418953 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.621968985 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.622035027 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:59.623477936 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.623487949 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.623609066 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:59.623614073 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.623775005 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.623826027 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.623842001 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.623886108 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:59.624315023 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:31:59.624432087 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.651334047 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.663341999 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.667331934 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.667342901 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.987571955 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.987653971 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.987653017 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.987819910 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.990856886 CET49812443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.990873098 CET44349812142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.991563082 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.991605043 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:31:59.991799116 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.992224932 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:31:59.992242098 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.002593994 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.002691031 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.002729893 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.002772093 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.003055096 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.003097057 CET44349813142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.003154039 CET49813443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.003638029 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.003658056 CET44349828142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.003750086 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.003993988 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.004005909 CET44349828142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.089648008 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.089701891 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.089798927 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.089831114 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.090074062 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.090486050 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.090524912 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.090542078 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.090578079 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.090826035 CET49815443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.090842962 CET44349815142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.091367960 CET49829443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.091391087 CET44349829142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.091464043 CET49829443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.091689110 CET49829443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.091702938 CET44349829142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.231021881 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.231098890 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.231103897 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.231128931 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.231148958 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.231175900 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.231182098 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.231209040 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.231230021 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.231247902 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.232233047 CET49816443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.232254028 CET44349816142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.232796907 CET49830443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.232825994 CET44349830142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.232892990 CET49830443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.233195066 CET49830443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:00.233205080 CET44349830142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.809912920 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.809995890 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.810676098 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.810733080 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.815599918 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.815617085 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.815905094 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.815958023 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.816441059 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.846065998 CET44349828142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.846138000 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.846714973 CET44349828142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.846765041 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.849174976 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.849186897 CET44349828142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.849458933 CET44349828142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.849536896 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.850186110 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:00.859338999 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:00.891335964 CET44349828142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.037934065 CET44349829142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.038018942 CET49829443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.038957119 CET49829443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.038966894 CET44349829142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.039264917 CET49829443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.039269924 CET44349829142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.307024002 CET44349830142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.307512999 CET49830443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.496927977 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.497287989 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.497328043 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.497386932 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.498018980 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.498070955 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.498075962 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.498116016 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.529361010 CET49830443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.529397964 CET44349830142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.531131983 CET49830443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.531153917 CET44349830142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.531526089 CET49827443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.531564951 CET44349827142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.532022953 CET49837443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.532074928 CET44349837142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.532151937 CET49837443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.532475948 CET49837443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.532490015 CET44349837142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.547003984 CET44349828142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.547147989 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.547346115 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.547385931 CET44349828142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.547491074 CET49828443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.548255920 CET49838443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.548305035 CET44349838142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.548456907 CET49838443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.548733950 CET49838443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.548743010 CET44349838142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.784753084 CET49829443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.784799099 CET49830443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.785021067 CET49837443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.785054922 CET49838443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.785646915 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.785693884 CET44349839142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.785845041 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.786539078 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.786555052 CET44349839142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.789540052 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.789577007 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.789680004 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.791115046 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.791134119 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.791858912 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.791902065 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.792011976 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.794097900 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:01.794128895 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.794816017 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.794841051 CET44349842142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:01.794904947 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.797081947 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:01.797091007 CET44349842142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.949093103 CET44349842142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.949181080 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:02.949855089 CET44349842142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.949908972 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:02.952312946 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.952398062 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:02.956114054 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:02.956132889 CET44349842142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.956227064 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.956326008 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:02.956381083 CET44349842142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.956439972 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:02.956788063 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:02.956794024 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.956820965 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:02.956839085 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.956985950 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:02.956990957 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.957005024 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:02.957010031 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:02.957431078 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:02.999336958 CET44349842142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.229583025 CET44349839142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.229661942 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.230633974 CET44349839142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.230686903 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.232379913 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.232392073 CET44349839142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.232630014 CET44349839142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.232692957 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.233026028 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.275326967 CET44349839142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.333925009 CET44349842142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.334024906 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.334178925 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.334208965 CET44349842142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.334264994 CET49842443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.334913015 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.334953070 CET44349850142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.335058928 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.335357904 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.335367918 CET44349850142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.401936054 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.402019024 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.402045012 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.402091026 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.402096987 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.402168989 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.402173042 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.402219057 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.403117895 CET49841443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.403134108 CET44349841142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.403702021 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.403749943 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.403821945 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.404078960 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.404088020 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.544596910 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.544657946 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.544734955 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.544745922 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.544774055 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.544809103 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.544838905 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.566071987 CET49840443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.566083908 CET44349840142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.645848989 CET44349839142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.645929098 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.646085978 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.646117926 CET44349839142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.646190882 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.646190882 CET49839443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.646831036 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.646836042 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.646856070 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.646876097 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.646919012 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.646956921 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.647192955 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:03.647200108 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.647211075 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.647222042 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.984764099 CET44349850142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.984868050 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.985548973 CET44349850142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.985610962 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.987538099 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.987561941 CET44349850142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.987834930 CET44349850142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:03.987930059 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:03.988373041 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.035336018 CET44349850142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.063010931 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.063083887 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.063749075 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.063757896 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.065860033 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.065865040 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.309084892 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.309179068 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.310014963 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.310066938 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.311814070 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.311832905 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.312144995 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.312210083 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.312920094 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.319212914 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.319278002 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.319592953 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.319597960 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.319762945 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.319766998 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.359333038 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.361964941 CET44349850142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.362040997 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.362174988 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.362224102 CET44349850142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.362323046 CET49850443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.362843037 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.362889051 CET44349864142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.362961054 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.363177061 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.363190889 CET44349864142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.483215094 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.483268976 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.483280897 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.483302116 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.483324051 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.483378887 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.483383894 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.483396053 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.483460903 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.484643936 CET49853443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.484658003 CET44349853142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.485452890 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.485512972 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.485588074 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.486141920 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.486156940 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.694977045 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.695063114 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.695096016 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.695142984 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.695203066 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.695242882 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.695259094 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.695278883 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.695288897 CET44349857142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.695307970 CET49857443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.696163893 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.696202993 CET44349869142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.696343899 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.696647882 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.696659088 CET44349869142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.742808104 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.742860079 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.742882967 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.742893934 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.742903948 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.742953062 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.742957115 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.742991924 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.742995977 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.743031025 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.743042946 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.743083954 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.743870974 CET49858443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.743885040 CET44349858142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.744465113 CET49870443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.744523048 CET44349870142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.744594097 CET49870443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.744838953 CET49870443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:04.744857073 CET44349870142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.990314007 CET44349864142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.990406036 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.991096973 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.991107941 CET44349864142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:04.993211985 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:04.993217945 CET44349864142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.120218992 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.120299101 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.120831013 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.120841980 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.120960951 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.120969057 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.335002899 CET44349869142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.335062027 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.335817099 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.335824966 CET44349869142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.336092949 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.336097956 CET44349869142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.382019043 CET44349864142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.382107019 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.382138014 CET44349864142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.382278919 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.382348061 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.382380962 CET44349864142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.382428885 CET49864443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.383085966 CET49876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.383122921 CET44349876142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.383317947 CET49876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.383575916 CET49876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.383585930 CET44349876142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.403650045 CET44349870142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.403712034 CET49870443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.404110909 CET49870443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.404120922 CET44349870142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.404284954 CET49870443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.404289961 CET44349870142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.547041893 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.547090054 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.547144890 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.547158003 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.547178984 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.547203064 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.547233105 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.548254013 CET49868443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.548264027 CET44349868142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.549550056 CET49878443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.549575090 CET44349878142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.549666882 CET49878443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.550169945 CET49878443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.550179958 CET44349878142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.787164927 CET44349869142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.787233114 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.787249088 CET44349869142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.787261009 CET44349869142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.787306070 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.787333965 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.787396908 CET49869443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.787411928 CET44349869142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.788012028 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.788045883 CET44349881142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.788110971 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.788417101 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.788424969 CET44349881142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.797935009 CET49876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.797998905 CET49870443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.798127890 CET49878443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.798531055 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.798562050 CET44349882142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.798609018 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.799294949 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:05.799309015 CET44349882142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.800086021 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.800117970 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.800237894 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.801013947 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:05.801024914 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.416877031 CET44349881142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.416981936 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.417661905 CET44349881142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.417735100 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.419980049 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.419986963 CET44349881142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.420231104 CET44349881142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.420314074 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.420691967 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.432785034 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.432851076 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.434859037 CET44349882142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.434984922 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.435664892 CET44349882142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.435718060 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.436249971 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.436256886 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.436505079 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.436567068 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.437040091 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.437670946 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.437685966 CET44349882142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.437952995 CET44349882142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.438015938 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.438333988 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.467329979 CET44349881142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.479337931 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.483330965 CET44349882142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.809149981 CET44349881142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.809220076 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.809367895 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.809391022 CET44349881142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.809458971 CET49881443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.809961081 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.810002089 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.810070992 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.810112000 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.810229063 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.810311079 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.810431004 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.810441971 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.810540915 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.810601950 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.834273100 CET44349882142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.834357977 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.834448099 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.834510088 CET44349882142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.834594965 CET49882443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.834947109 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.834990025 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.835063934 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.835261106 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:06.835278988 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.856110096 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.856158018 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.856174946 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.856195927 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.856216908 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.856237888 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.856242895 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.856271029 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.856282949 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.856317997 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.856987000 CET49883443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.857004881 CET44349883142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.857537031 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.857566118 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:06.857933998 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.858211040 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:06.858225107 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.436489105 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.436570883 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.436994076 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.437007904 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.437165976 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.437172890 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.460591078 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.460720062 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.461325884 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.461385012 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.465229988 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.465251923 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.465584040 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.465905905 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.466300011 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.496814013 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.496884108 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.497004986 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.497066021 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.497371912 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.497381926 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.497561932 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.497570038 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.497766972 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.497814894 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.499284983 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.499290943 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.499577045 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.499641895 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.500005007 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.511332035 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.547338963 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.854351044 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.854454994 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.854470968 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.854520082 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.854629993 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.854659081 CET44349892142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.854757071 CET49892443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.855237007 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.855287075 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.855374098 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.855763912 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.855781078 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.858504057 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.858550072 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.858575106 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.858608961 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.858623981 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.858660936 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.858664989 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.858742952 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.859471083 CET49893443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.859488010 CET44349893142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.860050917 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.860096931 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.860169888 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.860518932 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:07.860534906 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.885570049 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.885632038 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.885658979 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.885704994 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.885782003 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.885821104 CET44349895142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.885870934 CET49895443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.886352062 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.886392117 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:07.886519909 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.886706114 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:07.886715889 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.014739037 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.014796972 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.014808893 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.014844894 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.014858961 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.014908075 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.014914989 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.014920950 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.014966965 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.015788078 CET49896443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.015805006 CET44349896142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.016370058 CET49908443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.016421080 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.016493082 CET49908443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.016840935 CET49908443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.016859055 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.102423906 CET5486853192.168.2.5162.159.36.2
                                                                                                              Jan 2, 2025 20:32:08.107250929 CET5354868162.159.36.2192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.107433081 CET5486853192.168.2.5162.159.36.2
                                                                                                              Jan 2, 2025 20:32:08.112284899 CET5354868162.159.36.2192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.487458944 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.487576008 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.488199949 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.488285065 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.490036011 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.490050077 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.490283966 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.490382910 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.490796089 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.498178959 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.498269081 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.498568058 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.498583078 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.500411987 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.500432014 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.526477098 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.526602030 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.527240992 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.527317047 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.528990984 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.529001951 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.529249907 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.529304028 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.529618979 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.535335064 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.575331926 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.578150034 CET5486853192.168.2.5162.159.36.2
                                                                                                              Jan 2, 2025 20:32:08.583142042 CET5354868162.159.36.2192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.583211899 CET5486853192.168.2.5162.159.36.2
                                                                                                              Jan 2, 2025 20:32:08.773121119 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.773190975 CET49908443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.773644924 CET49908443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.773653984 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.773837090 CET49908443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:08.773853064 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.978704929 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.978784084 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.978802919 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.978842020 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.979007006 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.979067087 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.979231119 CET44349904142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.979294062 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.979294062 CET49904443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.979660034 CET54876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.979712963 CET44354876142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.979777098 CET54876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.980025053 CET54876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.980036974 CET44354876142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.997596025 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.997935057 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.997951031 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.998044968 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.998044968 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.998081923 CET44349906142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.998128891 CET49906443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.998646021 CET54877443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.998688936 CET44354877142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.998754025 CET54877443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.998950005 CET54877443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:08.998965025 CET44354877142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.036036015 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.036087990 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.036154985 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.036178112 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.036218882 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.036449909 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.036494017 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.036500931 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.036542892 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.036979914 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.036994934 CET44349905142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.037005901 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.037039995 CET49905443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.037544012 CET54879443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.037589073 CET44354879142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.039604902 CET54879443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.039901972 CET54879443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.039911985 CET44354879142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.197431087 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.197479010 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.197544098 CET49908443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.197557926 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.197580099 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.197654963 CET49908443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.198756933 CET49908443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.198771000 CET44349908142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.199300051 CET54880443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.199357986 CET44354880142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.199428082 CET54880443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.199635983 CET54880443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.199649096 CET44354880142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.607911110 CET44354876142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.607985973 CET54876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.608701944 CET44354876142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.608751059 CET54876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.612277985 CET54876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.612289906 CET44354876142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.612520933 CET44354876142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.612576962 CET54876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.612899065 CET54876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.634918928 CET44354877142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.634995937 CET54877443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.635701895 CET44354877142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.635749102 CET54877443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.637176991 CET54877443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.637183905 CET44354877142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.637443066 CET44354877142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.637495995 CET54877443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.637881041 CET54877443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.659332037 CET44354876142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.666528940 CET44354879142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.666745901 CET54879443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.666999102 CET54879443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.667010069 CET44354879142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.667088985 CET54879443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.667093039 CET44354879142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.683324099 CET44354877142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.813853025 CET54880443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.813905001 CET54876443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.813954115 CET54877443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.813978910 CET54879443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:09.815593004 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.815622091 CET44354887142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.815685034 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.816519976 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.816551924 CET44354888142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.816632032 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.817120075 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.817128897 CET44354888142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:09.818535089 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:09.818543911 CET44354887142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.454360008 CET44354888142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.454428911 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.454906940 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.454911947 CET44354888142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.455112934 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.455116987 CET44354888142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.473907948 CET44354887142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.474118948 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.474503040 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.474509001 CET44354887142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.474684954 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.474689007 CET44354887142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.837527990 CET44354888142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.837615013 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.837641954 CET44354888142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.837687969 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.837810993 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.837841988 CET44354888142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.837896109 CET54888443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.838480949 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.838530064 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.838589907 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:10.838624001 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.838654995 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.838670015 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:10.838818073 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.838829994 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.839055061 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:10.839062929 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.862879038 CET44354887142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.862974882 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.862997055 CET44354887142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.863132954 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.863132954 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.863162994 CET44354887142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.863209009 CET54887443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.863719940 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:10.863732100 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.863744974 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.863759995 CET44354898142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.863805056 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:10.863838911 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.864051104 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:10.864061117 CET44354898142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:10.864128113 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:10.864135027 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.482391119 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.482544899 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.483171940 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.483251095 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.485239029 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.485347986 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.486969948 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.486983061 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.487252951 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.487306118 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.487662077 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.489175081 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.489182949 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.489494085 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.489552975 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.489847898 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.492583036 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.492671013 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.493887901 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.493892908 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.494141102 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.494198084 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.494422913 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.500729084 CET44354898142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.500813007 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.501472950 CET44354898142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.501543999 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.503112078 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.503118038 CET44354898142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.503379107 CET44354898142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.503437042 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.503772974 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.531332016 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.531339884 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.539339066 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.547341108 CET44354898142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.862936020 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.863040924 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.863070011 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.863120079 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.863173962 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.863217115 CET44354896142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.863270998 CET54896443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.863711119 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.863768101 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.863836050 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.864160061 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.864178896 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.891911030 CET44354898142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.892018080 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.892141104 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.892184973 CET44354898142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.892239094 CET54898443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.892739058 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.892788887 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.892857075 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.893083096 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:11.893100977 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.907996893 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.908046961 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.908090115 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.908117056 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.908132076 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.908169985 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.908174992 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.908185959 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.908221960 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.909018993 CET54897443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.909033060 CET44354897142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.909485102 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.909535885 CET44354911142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:11.909606934 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.909792900 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:11.909802914 CET44354911142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.054157019 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.054205894 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.054244995 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.054263115 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.054322958 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.054471016 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.054471016 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.054471016 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.055021048 CET54899443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.055030107 CET44354899142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.055442095 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.055480957 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.055551052 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.055772066 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.055783987 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.602509022 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.602587938 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.603344917 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.603399038 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.606900930 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.606910944 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.607182980 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.607232094 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.607876062 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.611912012 CET44354911142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.611974955 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.612143040 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.612205029 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.612242937 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.612318039 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.612329006 CET44354911142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.612481117 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.612485886 CET44354911142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.613095045 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.613153934 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.615066051 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.615072966 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.615309000 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.615358114 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.615710974 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:12.651331902 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.659333944 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.775331020 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.775495052 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.775940895 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.775971889 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.776104927 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:12.776118994 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.002090931 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.002243042 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.002253056 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.002291918 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.002387047 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.002405882 CET44354909142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.002418995 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.002459049 CET54909443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.003093958 CET54922443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.003142118 CET44354922142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.003220081 CET54922443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.003495932 CET54922443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.003508091 CET44354922142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.007895947 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.007973909 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.007997990 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.008044004 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.008127928 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.008167982 CET44354910142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.008222103 CET54910443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.008514881 CET54923443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.008560896 CET44354923142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.008625984 CET54923443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.008810997 CET54923443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.008825064 CET44354923142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.100337029 CET44354911142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.100390911 CET44354911142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.100481987 CET44354911142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.100512028 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.100567102 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.100567102 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.101516962 CET54911443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.101536036 CET44354911142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.102046013 CET54924443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.102106094 CET44354924142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.102189064 CET54924443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.102406979 CET54924443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.102431059 CET44354924142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.262634993 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.262717009 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.262826920 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.262919903 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.262949944 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.262989044 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.263017893 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.263952971 CET54914443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.263988972 CET44354914142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.264458895 CET54925443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.264508009 CET44354925142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.264586926 CET54925443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.264786005 CET54925443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.264801979 CET44354925142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.667804956 CET44354923142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.667875051 CET54923443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.668817997 CET44354923142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.668869019 CET54923443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.675647020 CET54923443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.675662994 CET44354923142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.675921917 CET44354923142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.675988913 CET54923443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.676783085 CET54923443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.723336935 CET44354923142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.728775978 CET44354922142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.728844881 CET54922443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.729568958 CET44354922142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.729626894 CET54922443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.731277943 CET54922443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.731298923 CET44354922142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.731720924 CET44354922142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.731797934 CET54922443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.732516050 CET54922443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.763386011 CET44354924142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.763453007 CET54924443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.763962030 CET54924443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.763972998 CET44354924142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.766374111 CET54924443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.766379118 CET44354924142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.779335022 CET44354922142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.814457893 CET54925443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.814488888 CET54923443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.814507008 CET54922443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.814524889 CET54924443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:13.817890882 CET54932443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.817936897 CET44354932142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.818011999 CET54932443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.819041967 CET54932443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.819058895 CET44354932142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.819391012 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.819431067 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:13.819488049 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.820239067 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:13.820250034 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.473223925 CET44354932142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.473345995 CET54932443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.473741055 CET54932443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.473752975 CET44354932142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.473898888 CET54932443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.473905087 CET44354932142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.477011919 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.477080107 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.477294922 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.477303982 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.477406025 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.477411032 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.859427929 CET44354932142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.859658957 CET54932443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.859793901 CET54932443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.859833002 CET44354932142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.859893084 CET54932443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.860594034 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:14.860630989 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.860652924 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.860694885 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.860706091 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:14.860747099 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.860914946 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.860928059 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.866816044 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.866897106 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.866911888 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.866962910 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.868633032 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.868689060 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.868729115 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.868741989 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.885735035 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:14.885766029 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.885850906 CET54933443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.885864973 CET44354933142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.886214972 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.886257887 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.886383057 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.886399031 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:14.886440992 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.886486053 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:14.886514902 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:14.886529922 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:14.886735916 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:14.886746883 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.489518881 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.489649057 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.490299940 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.490359068 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.493268013 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.493278980 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.493572950 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.493633986 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.493951082 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.513123035 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.513232946 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.516254902 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.516268015 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.516525030 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.516624928 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.517188072 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.530755997 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.530956984 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.532505989 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.532511950 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.532874107 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.532929897 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.533240080 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.536566973 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.536686897 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.537313938 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.537374020 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.538769007 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.538780928 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.539010048 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.539057970 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.539321899 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.539340973 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.559372902 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.575345993 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.587346077 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.880817890 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.880892038 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.880927086 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.880973101 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.881033897 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.881069899 CET44354940142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.881128073 CET54940443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.881571054 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.881599903 CET44354951142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.881655931 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.881833076 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.881846905 CET44354951142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.923588037 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.923676014 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.923707962 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.923753023 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.924865007 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.924913883 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.924925089 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.924968958 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.933706999 CET54942443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.933732986 CET44354942142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.934309959 CET54952443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.934360981 CET44354952142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.934425116 CET54952443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.934711933 CET54952443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:15.934726954 CET44354952142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.937200069 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.937254906 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.937266111 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.937278986 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.937313080 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.937325954 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.937361002 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.937367916 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.937390089 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.937414885 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.937432051 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.938038111 CET54941443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.938046932 CET44354941142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.938401937 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.938425064 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:15.938499928 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.940829039 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:15.940839052 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.080177069 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.080261946 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.080265045 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.080291986 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.080307961 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.080344915 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.080349922 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.080384016 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.080388069 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.080420971 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.080449104 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.080486059 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.082941055 CET54943443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.082964897 CET44354943142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.083406925 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.083472013 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.083558083 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.083728075 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.083739996 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.313268900 CET804971369.42.215.252192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.313332081 CET4971380192.168.2.569.42.215.252
                                                                                                              Jan 2, 2025 20:32:16.526359081 CET44354951142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.526437044 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.526767015 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.526777983 CET44354951142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.526954889 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.526961088 CET44354951142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.655484915 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.655550003 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.656002045 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.656013012 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.656107903 CET44354952142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.656160116 CET54952443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.656174898 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.656183958 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.656451941 CET54952443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.656466961 CET44354952142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.656579018 CET54952443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.656586885 CET44354952142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.747392893 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.747477055 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.747992039 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.748007059 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.748168945 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:16.748174906 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.937380075 CET44354951142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.937521935 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.937570095 CET44354951142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.937619925 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.937691927 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.937733889 CET44354951142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.937789917 CET54951443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.938421011 CET54962443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.938466072 CET44354962142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:16.938534021 CET54962443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.939094067 CET54962443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:16.939105034 CET44354962142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.053155899 CET44354952142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.053303003 CET54952443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.053427935 CET54952443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.053464890 CET44354952142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.053519011 CET54952443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.054084063 CET54964443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.054125071 CET44354964142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.054188013 CET54964443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.054419994 CET54964443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.054430008 CET44354964142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.072591066 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.072649956 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.072679996 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.072698116 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.072710991 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.072743893 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.072751045 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.072762012 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.072802067 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.073577881 CET54954443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.073589087 CET44354954142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.073966980 CET54966443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.074003935 CET44354966142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.074074984 CET54966443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.074258089 CET54966443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.074269056 CET44354966142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.217595100 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.217652082 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.217714071 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.217746973 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.217761040 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.217786074 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.217792988 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.217804909 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.217837095 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.218542099 CET54956443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.218559980 CET44354956142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.219023943 CET54967443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.219052076 CET44354967142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.219134092 CET54967443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.219305992 CET54967443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.219322920 CET44354967142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.568710089 CET44354962142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.568783045 CET54962443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.569484949 CET44354962142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.569540024 CET54962443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.573285103 CET54962443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.573297977 CET44354962142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.573596954 CET44354962142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.573659897 CET54962443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.574109077 CET54962443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.615340948 CET44354962142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.692039967 CET44354964142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.692146063 CET54964443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.692823887 CET44354964142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.692877054 CET54964443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.694421053 CET54964443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.694427967 CET44354964142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.694658995 CET44354964142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.694704056 CET54964443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.695074081 CET54964443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.702641964 CET44354966142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.702703953 CET54966443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.702970028 CET54966443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.702980995 CET44354966142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.704746962 CET54966443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.704760075 CET44354966142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.735337019 CET44354964142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.829917908 CET54967443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.829972029 CET54962443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.829976082 CET54964443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.829978943 CET54966443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:17.831561089 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.831595898 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.831660032 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.831849098 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.831856012 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.832568884 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.832609892 CET44354975142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.832668066 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.834666967 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:17.834678888 CET44354975142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.460613012 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.460725069 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.461234093 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.461239100 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.461433887 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.461437941 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.496958971 CET44354975142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.497101068 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.497400045 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.497411013 CET44354975142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.497529984 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.497534990 CET44354975142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.851681948 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.851815939 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.851830006 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.851883888 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.852478981 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.852520943 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.852530956 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.852560997 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.857471943 CET54974443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.857486010 CET44354974142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.858053923 CET54982443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.858095884 CET44354982142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.858155966 CET54982443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.858318090 CET54982443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.858330965 CET44354982142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.860569000 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:18.860615969 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.860677004 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:18.861093998 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:18.861108065 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.881324053 CET44354975142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.881417036 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.881443977 CET44354975142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.881496906 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.882576942 CET44354975142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.882602930 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.882622957 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.882625103 CET44354975142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.882684946 CET54975443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.886099100 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:18.886146069 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.886204958 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:18.892842054 CET54985443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.892874956 CET44354985142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.892940044 CET54985443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.907067060 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:18.907087088 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:18.968501091 CET54985443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:18.968543053 CET44354985142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.486884117 CET44354982142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.486991882 CET54982443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.487385988 CET54982443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.487394094 CET44354982142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.488928080 CET54982443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.488933086 CET44354982142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.499670982 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.499773979 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.502816916 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.502830029 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.503074884 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.503134966 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.503480911 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.547337055 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.558137894 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.558209896 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.559792042 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.559798002 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.560029030 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.560082912 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.560427904 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.597790956 CET44354985142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.597848892 CET54985443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.598228931 CET54985443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.598233938 CET44354985142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.598381042 CET54985443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.598387003 CET44354985142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.603333950 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.877497911 CET44354982142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.877554893 CET54982443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.877656937 CET54982443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.877691031 CET44354982142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.877741098 CET54982443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.878190994 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.878218889 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.878279924 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.878479004 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.878489017 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.926506042 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.926548958 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.926620007 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.926651955 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.926666975 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.926700115 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.926731110 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.927207947 CET54983443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.927225113 CET44354983142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.927690983 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.927742958 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.927978992 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.928417921 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:19.928432941 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.974369049 CET44354985142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.974436045 CET54985443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.974601984 CET54985443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.974648952 CET44354985142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.974752903 CET54985443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.975246906 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.975317001 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:19.975377083 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.975579977 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:19.975598097 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.079895020 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.079942942 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.079960108 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.079989910 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.080005884 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.080049038 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.080053091 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.080063105 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.080101967 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.081554890 CET54984443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.081572056 CET44354984142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.082097054 CET54998443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.082143068 CET44354998142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.082201958 CET54998443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.082645893 CET54998443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.082660913 CET44354998142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.576082945 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.576160908 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.576817989 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.576873064 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.578520060 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.578527927 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.578757048 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.578830004 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.579267025 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.619326115 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.662658930 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.662731886 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.663172960 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.663187027 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.663372040 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.663378954 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.703731060 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.703839064 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.704488039 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.704549074 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.706595898 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.706613064 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.706857920 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.706914902 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.707206011 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.747323036 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.835546970 CET44354998142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.835616112 CET54998443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.836029053 CET54998443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.836038113 CET44354998142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.836180925 CET54998443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:20.836184978 CET44354998142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.954710007 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.955810070 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.955929995 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.956072092 CET54994443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.956090927 CET44354994142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.959686995 CET55006443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.959738016 CET44355006142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:20.963696957 CET55006443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.964194059 CET55006443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:20.964205980 CET44355006142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.085999012 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.086571932 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.086649895 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.086818933 CET54997443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.086836100 CET44354997142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.087330103 CET55008443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.087369919 CET44355008142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.087434053 CET55008443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.087596893 CET55008443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.087609053 CET44355008142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.096060991 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.096117973 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.096195936 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.096218109 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.096230030 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.096257925 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.096288919 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.096950054 CET54995443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.096961975 CET44354995142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.097378016 CET55009443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.097398996 CET44355009142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.097455978 CET55009443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.097645998 CET55009443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.097660065 CET44355009142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.263308048 CET44354998142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.263360023 CET44354998142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.263463974 CET44354998142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.263591051 CET54998443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.263592005 CET54998443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.264308929 CET54998443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.264331102 CET44354998142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.264810085 CET55011443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.264857054 CET44355011142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.266736031 CET55011443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.266978025 CET55011443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.267000914 CET44355011142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.593007088 CET44355006142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.593077898 CET55006443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.593854904 CET55006443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.593871117 CET44355006142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.597254038 CET55006443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.597274065 CET44355006142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.725119114 CET44355008142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.725178003 CET55008443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.725596905 CET55008443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.725606918 CET44355008142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.725794077 CET55008443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.725800037 CET44355008142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.745440960 CET44355009142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.745528936 CET55009443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.745984077 CET55009443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.745995998 CET44355009142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.747817039 CET55009443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.747827053 CET44355009142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.829210997 CET55011443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.829268932 CET55006443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.829284906 CET55008443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.829313993 CET55009443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:21.829953909 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.829993010 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.830307961 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.831079006 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.831093073 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.831630945 CET55017443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.831677914 CET44355017142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:21.831734896 CET55017443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.831960917 CET55017443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:21.831973076 CET44355017142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.462676048 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.462913990 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.463148117 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.463155031 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.463327885 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.463331938 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.468024015 CET44355017142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.468122959 CET55017443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.468327999 CET55017443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.468339920 CET44355017142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.468452930 CET55017443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.468460083 CET44355017142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.848153114 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.848252058 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.848303080 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.848388910 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.848464966 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.848510981 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.848512888 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.848526001 CET44355016142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.848541021 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.848556995 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.848582983 CET55016443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.849052906 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.849104881 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.849103928 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:22.849153996 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.849170923 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.849204063 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:22.849438906 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:22.849448919 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.849481106 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.849493027 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.854244947 CET44355017142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.854310989 CET55017443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.854368925 CET55017443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.854419947 CET44355017142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.854468107 CET55017443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.854721069 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.854737997 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.854777098 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:22.854787111 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.854789019 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.854846954 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:22.854969025 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:22.854975939 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:22.855024099 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:22.855029106 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.485117912 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.485218048 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.485299110 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:23.485461950 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:23.490904093 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.491070032 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.491657019 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.491748095 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.492067099 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:23.492084980 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.492404938 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.492460012 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:23.493518114 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:23.493532896 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.493710995 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:23.493813992 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.493865967 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:23.494064093 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:23.498320103 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.498349905 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.498682976 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.498748064 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.499260902 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.539333105 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.539345026 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.539350033 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.570595026 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.570781946 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.571402073 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.571470022 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.573525906 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.573540926 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.573831081 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.573898077 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.574287891 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.615330935 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.997211933 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.997349024 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.997395039 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.997450113 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.997498989 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.997540951 CET44355026142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.997594118 CET55026443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.997996092 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.998051882 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.998131990 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.998318911 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:23.998333931 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.020482063 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.020539999 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.020560980 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.020592928 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.020608902 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.020636082 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.021564007 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.021610975 CET44355025142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.021656990 CET55025443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.021924019 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.021965027 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.022017002 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.022202015 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.022211075 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.062766075 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.062871933 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.062901020 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.062947989 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.063030958 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.063057899 CET44355024142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.063106060 CET55024443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.063692093 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.063734055 CET44355038142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.063807011 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.064011097 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.064028978 CET44355038142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.184302092 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.184350014 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.184442043 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.184454918 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.184480906 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.184487104 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.185077906 CET55027443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.185089111 CET44355027142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.185554028 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.185602903 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.185668945 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.185834885 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.185846090 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.626281977 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.626355886 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.627012968 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.627058029 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.628590107 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.628601074 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.628829002 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.628880978 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.629292011 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.654084921 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.654155016 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.655599117 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.655605078 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.655813932 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.655868053 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.656220913 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.675323009 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.696516037 CET44355038142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.696583033 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.697262049 CET44355038142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.697309971 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.698620081 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.698628902 CET44355038142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.698863983 CET44355038142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.698913097 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.699172974 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:24.703321934 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.743320942 CET44355038142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.842327118 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.842413902 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.843916893 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.843923092 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.844135046 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:24.844189882 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.844471931 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:24.891324997 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.002017021 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.002171993 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.002192020 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.002259970 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.002428055 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.002464056 CET44355034142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.002577066 CET55034443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.003196001 CET55048443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.003222942 CET44355048142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.003321886 CET55048443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.003571987 CET55048443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.003586054 CET44355048142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.072524071 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.072681904 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.072706938 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.072787046 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.072791100 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.072854996 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.072859049 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.072902918 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.072906971 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.072949886 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.072988033 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.073043108 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.073854923 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.073870897 CET44355036142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.073879004 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.073926926 CET55036443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.074472904 CET55050443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.074527979 CET44355050142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.074599028 CET55050443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.074842930 CET55050443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.074857950 CET44355050142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.081636906 CET44355038142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.081723928 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.081813097 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.081864119 CET44355038142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.081926107 CET55038443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.082259893 CET55051443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.082298040 CET44355051142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.082355022 CET55051443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.082526922 CET55051443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.082539082 CET44355051142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.277368069 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.277487993 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.277503967 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.277534008 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.277568102 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.277597904 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.277662992 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.277709961 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.277733088 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.277786970 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.277839899 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.277894020 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.279071093 CET55040443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.279084921 CET44355040142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.279681921 CET55052443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.279721022 CET44355052142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.279791117 CET55052443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.280009031 CET55052443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.280028105 CET44355052142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.650563955 CET44355048142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.650659084 CET55048443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.651330948 CET44355048142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.651397943 CET55048443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.655320883 CET55048443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.655333042 CET44355048142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.655591011 CET44355048142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.655648947 CET55048443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.656032085 CET55048443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.699330091 CET44355048142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.710325003 CET44355051142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.710402012 CET55051443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.711105108 CET44355051142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.711163044 CET55051443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.713135004 CET55051443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.713141918 CET44355051142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.713380098 CET44355050142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.713428020 CET44355051142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.713448048 CET55050443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.713464022 CET55051443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.713767052 CET55050443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.713778019 CET44355050142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.714194059 CET55051443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.716032982 CET55050443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.716037989 CET44355050142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.759325027 CET44355051142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.846257925 CET55051443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.846259117 CET55048443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.846260071 CET55052443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.846345901 CET55050443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:25.848171949 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.848201990 CET44355058142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.848300934 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.848608017 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.848617077 CET44355058142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.849271059 CET55059443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.849309921 CET44355059142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:25.849385977 CET55059443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.850163937 CET55059443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:25.850178003 CET44355059142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.486768961 CET44355059142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.486911058 CET55059443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.487502098 CET55059443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.487513065 CET44355059142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.487776995 CET55059443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.487783909 CET44355059142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.505582094 CET44355058142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.505671024 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.506067991 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.506076097 CET44355058142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.506262064 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.506266117 CET44355058142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.871022940 CET44355059142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.871191025 CET55059443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.871444941 CET55059443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.871498108 CET44355059142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.871565104 CET55059443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.872235060 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.872289896 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.872347116 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:26.872371912 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.872374058 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.872426033 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:26.872678041 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.872699022 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.872726917 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:26.872737885 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.899960995 CET44355058142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.900083065 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.900103092 CET44355058142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.900158882 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.900300026 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.900341034 CET44355058142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.900399923 CET55058443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.901041031 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:26.901047945 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.901073933 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.901094913 CET44355069142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.901148081 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:26.901185036 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.901421070 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:26.901429892 CET44355069142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:26.901556969 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:26.901570082 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.500417948 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.500606060 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.504276037 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.504290104 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.504529953 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.504601002 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.504996061 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.509588003 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.509681940 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.510248899 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.510304928 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.513365030 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.513377905 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.513624907 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.513678074 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.513998032 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.529278040 CET44355069142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.529402018 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.529923916 CET44355069142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.530117989 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.531871080 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.531877995 CET44355069142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.532088995 CET44355069142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.532131910 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.533027887 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.551338911 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.551403999 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.551522970 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.553026915 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.553034067 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.553270102 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.553328037 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.553615093 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.555339098 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.579343081 CET44355069142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.599335909 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.887182951 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.887326956 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.887358904 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.887413979 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.888171911 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.888215065 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.888220072 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.888263941 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.891150951 CET55067443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.891170025 CET44355067142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.900703907 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.900751114 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.900818110 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.902051926 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.902065039 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.920185089 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.920238972 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.920288086 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.920320034 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.920334101 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.920362949 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.920370102 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.920380116 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.920408010 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.920432091 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.929146051 CET55068443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.929164886 CET44355068142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.931745052 CET44355069142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.931806087 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.932169914 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.932209969 CET44355069142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.932260036 CET55069443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.933537960 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.933568954 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.933626890 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.933945894 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.933953047 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.933999062 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.934415102 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:27.934422970 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.934597969 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:27.934603930 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.079952002 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.079991102 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.080012083 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.080040932 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.080056906 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.080086946 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.080091953 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.080127954 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.080132961 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.080168962 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.082257986 CET55070443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.082273960 CET44355070142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.083338976 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.083374023 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.083446980 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.083673000 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.083687067 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.539524078 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.539722919 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.540175915 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.540258884 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.542049885 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.542057991 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.542373896 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.542433023 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.542910099 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.567850113 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.568032980 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.568645000 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.568727016 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.570693970 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.570744991 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.571047068 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.571125031 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.571563005 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.583677053 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.583787918 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.584356070 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.584361076 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.584515095 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.584518909 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.587332964 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.615350962 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.741533995 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.741621971 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.742356062 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.742369890 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.742578030 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:28.742583990 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.916755915 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.916816950 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.916836977 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.916887999 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.917027950 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.917058945 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.917192936 CET44355078142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.917244911 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.917262077 CET55078443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.917599916 CET55090443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.917637110 CET44355090142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:28.917725086 CET55090443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.917980909 CET55090443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:28.917994022 CET44355090142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.001003027 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.001089096 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.001151085 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.001166105 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.001214027 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.001240015 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.001280069 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.001311064 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.001363993 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.001409054 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.001452923 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.001934052 CET55080443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.001955032 CET44355080142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.002360106 CET55092443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.002402067 CET44355092142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.002794981 CET55092443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.002983093 CET55092443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.002994061 CET44355092142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.050703049 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.050829887 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.050856113 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.051079988 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.051079988 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.051116943 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.051270008 CET44355079142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.051322937 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.051338911 CET55079443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.051666975 CET55093443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.051721096 CET44355093142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.051798105 CET55093443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.052025080 CET55093443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.052036047 CET44355093142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.171828032 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.171870947 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.171897888 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.171926975 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.171943903 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.171962023 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.171967030 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.172013044 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.172055960 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.172858953 CET55083443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.172883987 CET44355083142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.173321009 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.173369884 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.173444033 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.173631907 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.173645973 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.543361902 CET44355090142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.543559074 CET55090443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.544084072 CET44355090142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.544154882 CET55090443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.547029972 CET55090443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.547039986 CET44355090142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.547252893 CET44355090142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.549523115 CET55090443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.549843073 CET55090443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.595331907 CET44355090142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.658946037 CET44355092142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.659049034 CET55092443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.659641981 CET55092443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.659650087 CET44355092142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.661432981 CET55092443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.661439896 CET44355092142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.684247017 CET44355093142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.684314013 CET55093443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.684900045 CET44355093142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.684951067 CET55093443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.686646938 CET55093443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.686657906 CET44355093142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.686918974 CET44355093142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.686974049 CET55093443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.687552929 CET55093443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.731337070 CET44355093142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.820310116 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.821795940 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.822251081 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.822259903 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.822455883 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.822459936 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.861388922 CET55090443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.861421108 CET55092443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:29.861452103 CET55093443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.862181902 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.862207890 CET44355099142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.862270117 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.863858938 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.863867998 CET44355099142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.864379883 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.864455938 CET44355100142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:29.865490913 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.865715027 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:29.865746021 CET44355100142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.267772913 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.267823935 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.267903090 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.267931938 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.267945051 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.267946005 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.267986059 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.268583059 CET55095443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.268598080 CET44355095142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.502294064 CET44355099142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.502393961 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.505917072 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.505927086 CET44355099142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.506066084 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.506071091 CET44355099142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.540824890 CET44355100142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.540919065 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.548468113 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.548501968 CET44355100142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.548631907 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.548645020 CET44355100142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.894248962 CET44355099142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.894323111 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.894340038 CET44355099142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.894378901 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.894469023 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.894517899 CET44355099142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.894582987 CET55099443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.895116091 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.895234108 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.895329952 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.895597935 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.895632029 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.896672964 CET55108443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.896706104 CET44355108142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.897000074 CET55108443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.897000074 CET55108443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.897027016 CET44355108142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.933332920 CET44355100142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.933434963 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.933479071 CET44355100142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.933521986 CET44355100142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.933557034 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.933633089 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.933634043 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.934108019 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.934154034 CET44355109142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.934160948 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.934195042 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.934216022 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.934243917 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.934429884 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:30.934451103 CET44355109142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:30.934488058 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:30.934499979 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.235389948 CET55100443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.235440969 CET44355100142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.532725096 CET44355108142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.533164978 CET55108443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.533689976 CET55108443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.533696890 CET44355108142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.535408974 CET55108443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.535422087 CET44355108142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.551743031 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.551836014 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.552472115 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.552659988 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.555326939 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.555354118 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.555603027 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.559516907 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.559823990 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.571268082 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.571502924 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.571762085 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.571768045 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.571906090 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.571914911 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.593998909 CET44355109142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.594100952 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.594722986 CET44355109142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.594878912 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.596283913 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.596296072 CET44355109142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.596534014 CET44355109142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.599497080 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.599797010 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.603326082 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.643328905 CET44355109142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.946259975 CET44355108142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.946331024 CET44355108142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.946450949 CET44355108142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.946621895 CET55108443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.946621895 CET55108443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.947326899 CET55108443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.947345972 CET44355108142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.947886944 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.947959900 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.948040962 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.948110104 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.948134899 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.948184967 CET44355107142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.948231936 CET55107443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.948630095 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.948679924 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.948740005 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.948745966 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.948806047 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.948868990 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.949007034 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.949023008 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.949048042 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:31.949074030 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.990814924 CET44355109142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.991024017 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.991024017 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.991082907 CET44355109142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.991136074 CET55109443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.991436005 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.991487026 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:31.991549969 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.991717100 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:31.991734982 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.132234097 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.132287979 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.132306099 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.132327080 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.132338047 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.132369041 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.132374048 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.132411003 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.132416964 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.132452011 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.133064032 CET55110443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.133074045 CET44355110142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.133455992 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.133485079 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.133553028 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.133714914 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.133729935 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.577369928 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.577577114 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.577902079 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.577914000 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.578068972 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.578077078 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.597857952 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.597979069 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.598546028 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.598712921 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.600261927 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.600272894 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.600517035 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.600574970 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.600900888 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.621891022 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.622098923 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.622971058 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.623037100 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.624489069 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.624499083 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.624838114 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.624888897 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.625171900 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.647327900 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.667332888 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.760519981 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.760587931 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.761482954 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.761493921 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.761691093 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.761697054 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.988687038 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.988847017 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.988883018 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.988895893 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.988935947 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.989026070 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:32.995534897 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.995642900 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.995676041 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.995738983 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.995780945 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.995820045 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.995834112 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.995857954 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:32.995892048 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:32.995923042 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.005059004 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.005199909 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.005229950 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.005279064 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.006428957 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.006486893 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.006486893 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.006558895 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.027458906 CET55117443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.027496099 CET44355117142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.046371937 CET55129443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.046412945 CET44355129142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.046506882 CET55129443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.050072908 CET55119443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.050102949 CET44355119142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.057519913 CET55130443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.057594061 CET44355130142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.057696104 CET55130443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.061383963 CET55130443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.061418056 CET44355130142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.076414108 CET55118443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.076446056 CET44355118142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.104227066 CET55129443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.104250908 CET44355129142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.116173029 CET55131443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.116220951 CET44355131142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.116328001 CET55131443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.120385885 CET55131443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.120400906 CET44355131142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.192629099 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.192676067 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.192699909 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.192723989 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.192742109 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.192790031 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.192797899 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.192837000 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.193083048 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.193139076 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.193169117 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.193640947 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.237530947 CET55121443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.237569094 CET44355121142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.238123894 CET55132443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.238179922 CET44355132142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.238264084 CET55132443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.238512993 CET55132443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.238533974 CET44355132142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.688657999 CET44355130142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.688733101 CET55130443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.689580917 CET55130443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.689599991 CET44355130142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.691847086 CET55130443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.691857100 CET44355130142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.734905005 CET44355129142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.734980106 CET55129443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.735551119 CET55129443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.735563040 CET44355129142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.735785961 CET55129443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.735793114 CET44355129142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.748604059 CET44355131142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.748672009 CET55131443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.749264002 CET55131443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.749270916 CET44355131142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.751586914 CET55131443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.751593113 CET44355131142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.864602089 CET55132443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.864650965 CET55130443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.864682913 CET55129443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.864711046 CET55131443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:33.865434885 CET55139443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.865475893 CET44355139142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.865545988 CET55139443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.867465019 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.867517948 CET44355140142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.867573023 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.868293047 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.868304968 CET44355140142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.869502068 CET55139443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:33.869518042 CET44355139142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.525276899 CET44355140142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.525393009 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.525938034 CET44355139142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.526002884 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.526016951 CET44355140142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.526055098 CET55139443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.526247978 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.526263952 CET44355140142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.526279926 CET55139443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.526284933 CET44355139142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.526560068 CET55139443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.526565075 CET44355139142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.910376072 CET44355139142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.910531998 CET55139443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.910793066 CET55139443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.910842896 CET44355139142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.910906076 CET55139443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.911556959 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.911617994 CET44355149142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.911679983 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:34.911689043 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.911712885 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.911766052 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:34.911923885 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.911943913 CET44355149142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.912072897 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:34.912086964 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.921375036 CET44355140142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.921464920 CET44355140142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.921492100 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.921649933 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.921649933 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.922035933 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.922060966 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.922069073 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:34.922100067 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.922120094 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.922158957 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:34.922374964 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:34.922379971 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:34.922389030 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:34.922394037 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.235439062 CET55140443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.235481977 CET44355140142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.540627956 CET44355149142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.540829897 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.541410923 CET44355149142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.541579008 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.543303013 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.543407917 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:35.547290087 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.547379017 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.548005104 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.548080921 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.550946951 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.551076889 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:35.620670080 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.620692015 CET44355149142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.621052980 CET44355149142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.621146917 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.621768951 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.624699116 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:35.624725103 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.625147104 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.625205994 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:35.626606941 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:35.626728058 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.626738071 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.627019882 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.627072096 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.628166914 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:35.628196001 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.628330946 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.628529072 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.628587961 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:35.628818989 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:35.667332888 CET44355149142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.671339035 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.671354055 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.675321102 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.930282116 CET44355149142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.930351973 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.931221962 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.931266069 CET44355149142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.931329966 CET55149443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.934717894 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.934822083 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.934830904 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.934878111 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.935241938 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.935292006 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.935302019 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.935349941 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.940716982 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.940756083 CET44355157142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.940823078 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.941000938 CET55151443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.941020966 CET44355151142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.941143990 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.941159010 CET44355157142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.941680908 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.941704035 CET44355158142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:35.941766024 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.941962957 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:35.941975117 CET44355158142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.078121901 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.078210115 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.078234911 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.078282118 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.078285933 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.078326941 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.078331947 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.078372955 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.078377008 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.078399897 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.078416109 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.078459978 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.079241991 CET55152443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.079257965 CET44355152142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.079798937 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.079844952 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.079916954 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.080137014 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.080151081 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.083244085 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.083304882 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.083311081 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.083345890 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.083364964 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.083406925 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.083415985 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.083458900 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.083463907 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.083486080 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.083508015 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.083538055 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.083990097 CET55150443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.084003925 CET44355150142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.084589958 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.084629059 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.084692001 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.084965944 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.084975004 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.569401979 CET44355157142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.569621086 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.570122957 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.570135117 CET44355157142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.570311069 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.570317984 CET44355157142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.584124088 CET44355158142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.584284067 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.584922075 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.584928989 CET44355158142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.585074902 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.585078955 CET44355158142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.723217010 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.723290920 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.724059105 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.724067926 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.724271059 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.724275112 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.749723911 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.749826908 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.750565052 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.750580072 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.750777960 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:36.750783920 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.943451881 CET44355157142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.943573952 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.943603039 CET44355157142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.943659067 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.943794012 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.943835974 CET44355157142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.943893909 CET55157443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.944571972 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.944626093 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.944696903 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.945003986 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.945019960 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.971498966 CET44355158142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.972676992 CET44355158142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.972831011 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.972959995 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.972978115 CET44355158142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.972997904 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.973042011 CET55158443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.973709106 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.973757029 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:36.973819971 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.974061012 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:36.974070072 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.147774935 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.147850990 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.147881031 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.147910118 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.147988081 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.148103952 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.148103952 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.148919106 CET55161443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.148941040 CET44355161142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.149405003 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.149465084 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.149549007 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.149763107 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.149779081 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.306047916 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.306106091 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.306237936 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.306272030 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.306320906 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.306327105 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.306358099 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.306366920 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.306407928 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.306996107 CET55160443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.307015896 CET44355160142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.307523012 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.307563066 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.308058977 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.308350086 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.308367014 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.572833061 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.573019981 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.573628902 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.573721886 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.577235937 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.577250004 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.577584982 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.577652931 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.578160048 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.623331070 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.686363935 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.686539888 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.687103987 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.687164068 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.689074039 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.689091921 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.689382076 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.689460993 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.689834118 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.731328964 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.777628899 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.777756929 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.778191090 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.778208017 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.780273914 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.780293941 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.934886932 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.934942961 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.935489893 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.935502052 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.935789108 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:37.935795069 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.951934099 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.952064037 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.952088118 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.952137947 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.952187061 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.952233076 CET44355169142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.952284098 CET55169443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.954787016 CET55181443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.954830885 CET44355181142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.954895973 CET55181443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.955373049 CET55181443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:37.955387115 CET44355181142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.071243048 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.071383953 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.071405888 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.071455002 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.071526051 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.071557999 CET44355171142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.071607113 CET55171443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.072207928 CET55184443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.072269917 CET44355184142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.072331905 CET55184443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.072518110 CET55184443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.072530985 CET44355184142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.203248978 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.203391075 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.203425884 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.203460932 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.203488111 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.203537941 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.203603029 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.203649998 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.203671932 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.203716993 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.203792095 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.203840971 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.210635900 CET55172443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.210659981 CET44355172142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.211534023 CET55185443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.211565018 CET44355185142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.211627007 CET55185443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.211874962 CET55185443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.211891890 CET44355185142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.371635914 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.371686935 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.371728897 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.371743917 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.371752977 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.371787071 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.371792078 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.371808052 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.371839046 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.371855974 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.477884054 CET55175443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.477900982 CET44355175142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.478815079 CET55186443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.478867054 CET44355186142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.478929043 CET55186443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.508527040 CET55186443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.508564949 CET44355186142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.533057928 CET55181443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.533104897 CET55184443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.533118010 CET55185443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:38.533972025 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.534022093 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.534077883 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.534435987 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.534446955 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.535375118 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.535418034 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:38.535470963 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.537184954 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:38.537209034 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.148251057 CET44355186142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.149565935 CET55186443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.150002003 CET55186443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.150015116 CET44355186142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.150217056 CET55186443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.150223017 CET44355186142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.162962914 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.163156986 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.163784981 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.163851976 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.164694071 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.164767027 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.165388107 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.165397882 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.165647030 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.165699005 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.165755033 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.165800095 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.166030884 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.167020082 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.167033911 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.167289019 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.167505026 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.167826891 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.211332083 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.215327978 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.539351940 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.539540052 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.539563894 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.539611101 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.539676905 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.539705992 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.539849997 CET44355190142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.539899111 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.539916039 CET55190443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.540292025 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.540303946 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.540345907 CET44355196142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.540347099 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.540424109 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.540429115 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.540618896 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.540631056 CET44355196142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.540709019 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.540723085 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.554821014 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.555550098 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.555649042 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.556824923 CET55189443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.556848049 CET44355189142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.557285070 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.557316065 CET44355198142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.557538986 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.557742119 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:39.557754993 CET44355198142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.684254885 CET44355186142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.684305906 CET44355186142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.684406042 CET44355186142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.684425116 CET55186443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.684453011 CET55186443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.685250998 CET55186443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.685267925 CET44355186142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.685743093 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.685787916 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:39.685853004 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.686106920 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:39.686119080 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.169961929 CET44355196142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.170038939 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.170063972 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.170114994 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.170591116 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.170614004 CET44355196142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.172561884 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.172584057 CET44355196142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.173403978 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.173413992 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.173640013 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.173693895 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.174231052 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.193578959 CET44355198142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.193674088 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.193942070 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.193952084 CET44355198142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.194075108 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.194078922 CET44355198142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.219326019 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.335066080 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.335197926 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.336839914 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.336855888 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.337110996 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.337174892 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.337479115 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.379334927 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.554766893 CET44355196142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.554960966 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.554996014 CET44355196142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.555012941 CET44355196142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.555017948 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.555027008 CET44355196142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.555052996 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.555078983 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.555490017 CET55196443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.555708885 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.555764914 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.555833101 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.556041956 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.556057930 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.586097956 CET44355198142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.586179972 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.586206913 CET44355198142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.586260080 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.586402893 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.586446047 CET44355198142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.586503029 CET55198443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.587038040 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.587080956 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.587167025 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.587366104 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:40.587378025 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.589045048 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.589096069 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.589113951 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.589153051 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.589169025 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.589209080 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.589978933 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.590033054 CET44355197142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.590095997 CET55197443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.590415001 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.590457916 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.590517044 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.590696096 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.590708971 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.759650946 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.759702921 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.759763002 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.759797096 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.759812117 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.759844065 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.760148048 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.760195017 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.760210991 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.760255098 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.767364979 CET55201443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.767393112 CET44355201142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.768316031 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.768366098 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:40.768424988 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.768749952 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:40.768760920 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.222398043 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.222482920 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.223197937 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.223254919 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.224612951 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.224690914 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.225230932 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.225246906 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.225338936 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.225398064 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.225545883 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.225590944 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.226141930 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.226972103 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.226983070 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.227251053 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.227299929 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.227606058 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.237452984 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.237515926 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.237896919 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.237904072 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.238059998 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.238065004 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.267335892 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.275326967 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.400306940 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.400454998 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.422595978 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.422605038 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.422802925 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.422807932 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.600712061 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.600786924 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.601138115 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.601147890 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.601192951 CET44355206142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.601197958 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.601224899 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.601243973 CET55206443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.602092028 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.602138996 CET44355212142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.602209091 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.602477074 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.602490902 CET44355212142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.617605925 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.617691994 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.617841005 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.617880106 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.617881060 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.617925882 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.617954016 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.617969036 CET44355205142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.617980003 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.618017912 CET55205443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.629765034 CET55213443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.629800081 CET44355213142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.629893064 CET55213443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.631136894 CET55213443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:41.631146908 CET44355213142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.668356895 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.668411970 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.668442011 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.668452978 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.668499947 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.668524981 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.668536901 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.668571949 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.839895964 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.839942932 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.839958906 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.839978933 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.839992046 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.840034008 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.840040922 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.840063095 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:41.840080023 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:41.840111017 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:42.234008074 CET44355212142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:42.235832930 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:42.255148888 CET44355213142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:42.257554054 CET55213443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.378771067 CET55213443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.378820896 CET44355213142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.381694078 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.381736994 CET44355212142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.387233973 CET55208443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:52.387259007 CET44355208142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.389142990 CET55207443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:52.389163017 CET44355207142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.390777111 CET55221443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:52.390837908 CET44355221142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.391025066 CET55222443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:52.391068935 CET44355222142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.391084909 CET55221443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:52.391122103 CET55222443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:52.391489983 CET55221443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:52.391506910 CET44355221142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.391554117 CET55222443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:52.391565084 CET44355222142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.394748926 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.394762993 CET44355212142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.395802021 CET55213443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.395826101 CET44355213142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.688726902 CET44355213142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.688808918 CET55213443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.689965010 CET44355213142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.690026999 CET44355213142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.690046072 CET55213443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.690207958 CET55213443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.694706917 CET44355212142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.694792986 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.694828033 CET44355212142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.694868088 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.695074081 CET44355212142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.695167065 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:52.695175886 CET44355212142.250.185.174192.168.2.5
                                                                                                              Jan 2, 2025 20:32:52.695224047 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:32:53.038966894 CET44355221142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:53.039033890 CET55221443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:32:53.049557924 CET44355222142.250.185.65192.168.2.5
                                                                                                              Jan 2, 2025 20:32:53.049640894 CET55222443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:33:03.341105938 CET4971380192.168.2.569.42.215.252
                                                                                                              Jan 2, 2025 20:33:03.344090939 CET55212443192.168.2.5142.250.185.174
                                                                                                              Jan 2, 2025 20:33:03.344177961 CET55222443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:33:03.344211102 CET55221443192.168.2.5142.250.185.65
                                                                                                              Jan 2, 2025 20:33:03.344248056 CET55213443192.168.2.5142.250.185.174

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Jan 2, 2025 20:31:44.793927908 CET6234353192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:31:44.800677061 CET53623431.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.666955948 CET5139953192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:31:45.674942970 CET53513991.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.679074049 CET5093353192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:31:45.686286926 CET53509331.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:31:45.944062948 CET5623153192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:31:45.951389074 CET53562311.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:31:52.050124884 CET6271253192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:31:52.057676077 CET53627121.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:31:58.859303951 CET5486353192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:31:58.866579056 CET53548631.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:32:05.627784014 CET6518053192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:32:05.634741068 CET53651801.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.101870060 CET5355239162.159.36.2192.168.2.5
                                                                                                              Jan 2, 2025 20:32:08.612030029 CET5012853192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:32:08.620008945 CET53501281.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:32:12.425102949 CET5644453192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:32:12.555459976 CET53564441.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:32:17.065819025 CET6049853192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:32:17.426480055 CET53604981.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:32:23.080954075 CET6396553192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:32:23.088867903 CET53639651.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:32:27.712850094 CET5332653192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:32:27.720448017 CET53533261.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:32:33.394341946 CET6070253192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:32:33.401824951 CET53607021.1.1.1192.168.2.5
                                                                                                              Jan 2, 2025 20:32:37.910803080 CET5034953192.168.2.51.1.1.1
                                                                                                              Jan 2, 2025 20:32:37.917824030 CET53503491.1.1.1192.168.2.5

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                              Jan 2, 2025 20:31:44.793927908 CET192.168.2.51.1.1.10x6964Standard query (0)docs.google.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:45.666955948 CET192.168.2.51.1.1.10xe1dfStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:45.679074049 CET192.168.2.51.1.1.10xc7dbStandard query (0)freedns.afraid.orgA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:45.944062948 CET192.168.2.51.1.1.10x321cStandard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:52.050124884 CET192.168.2.51.1.1.10x1491Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:58.859303951 CET192.168.2.51.1.1.10xa4d4Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:05.627784014 CET192.168.2.51.1.1.10x9b59Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:08.612030029 CET192.168.2.51.1.1.10x57b2Standard query (0)15.164.165.52.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:12.425102949 CET192.168.2.51.1.1.10x5f4fStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:17.065819025 CET192.168.2.51.1.1.10xbd2bStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:23.080954075 CET192.168.2.51.1.1.10x93a8Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:27.712850094 CET192.168.2.51.1.1.10xb60Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:33.394341946 CET192.168.2.51.1.1.10xaf49Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:37.910803080 CET192.168.2.51.1.1.10x5b3fStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                              Jan 2, 2025 20:31:44.800677061 CET1.1.1.1192.168.2.50x6964No error (0)docs.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:45.674942970 CET1.1.1.1192.168.2.50xe1dfName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:45.686286926 CET1.1.1.1192.168.2.50xc7dbNo error (0)freedns.afraid.org69.42.215.252A (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:45.951389074 CET1.1.1.1192.168.2.50x321cNo error (0)drive.usercontent.google.com142.250.185.65A (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:52.057676077 CET1.1.1.1192.168.2.50x1491Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:52.505727053 CET1.1.1.1192.168.2.50x6c7dNo error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.netazurefd-t-fb-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:52.505727053 CET1.1.1.1192.168.2.50x6c7dNo error (0)dual.s-part-0017.t-0009.fb-t-msedge.nets-part-0017.t-0009.fb-t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:52.505727053 CET1.1.1.1192.168.2.50x6c7dNo error (0)s-part-0017.t-0009.fb-t-msedge.net13.107.253.45A (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:31:58.866579056 CET1.1.1.1192.168.2.50xa4d4Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:05.634741068 CET1.1.1.1192.168.2.50x9b59Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:08.620008945 CET1.1.1.1192.168.2.50x57b2Name error (3)15.164.165.52.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:12.555459976 CET1.1.1.1192.168.2.50x5f4fName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:17.426480055 CET1.1.1.1192.168.2.50xbd2bName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:23.088867903 CET1.1.1.1192.168.2.50x93a8Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:27.720448017 CET1.1.1.1192.168.2.50xb60Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:33.401824951 CET1.1.1.1192.168.2.50xaf49Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:37.917824030 CET1.1.1.1192.168.2.50x5b3fName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:48.542423964 CET1.1.1.1192.168.2.50x8a6cNo error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                              Jan 2, 2025 20:32:48.542423964 CET1.1.1.1192.168.2.50x8a6cNo error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • docs.google.com
                                                                                                              • drive.usercontent.google.com
                                                                                                              • freedns.afraid.org

                                                                                                              HTTP Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              0192.168.2.54971369.42.215.252805796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Jan 2, 2025 20:31:45.692130089 CET154OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                              User-Agent: MyApp
                                                                                                              Host: freedns.afraid.org
                                                                                                              Cache-Control: no-cache
                                                                                                              Jan 2, 2025 20:31:46.312208891 CET243INHTTP/1.1 200 OK
                                                                                                              Server: nginx
                                                                                                              Date: Thu, 02 Jan 2025 19:31:46 GMT
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: keep-alive
                                                                                                              Vary: Accept-Encoding
                                                                                                              X-Cache: MISS
                                                                                                              Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 1fERROR: Could not authenticate.0


                                                                                                              HTTPS Proxied Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              0192.168.2.549709142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:45 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:45 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:45 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-lVKjf3OWjJ4e9o-rr1YI2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              1192.168.2.549710142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:45 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:45 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:45 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-AkCUiTnz1Wt8TfVVnXqDAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              2192.168.2.549715142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:46 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:46 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:46 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-4I2sbU1QkzwlMbycLVit2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              3192.168.2.549714142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:46 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:47 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:46 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-crW8jRIM8KBT9r18UOkMRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              4192.168.2.549716142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:46 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              2025-01-02 19:31:47 UTC1595INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC4jC80EYocU88c7XVDz1RozQ3iyBT35y0-MBS4qrbxGdEOBYlsZrvMMXC1aVckQgdl2
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:46 GMT
                                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-G3YJJxVT9SY6VB7LOxCu6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Set-Cookie: NID=520=V9XTLzz17R7L1ka_HjEBo1ojDDGPsOmOVJNvdm1jmTxc1RyESzyz1OLbU0VUvOIT6PGx-aSp3RD68iBhsJUUrXubWlnBitf8l9nHrGgXm_LHX3vKTkLSF4jaGF5PtFeLXTZ3OClND61zD0fvOAFVtelrtU30T7AG3oK796UJzdGIUWQH3mvrBrcv; expires=Fri, 04-Jul-2025 19:31:46 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:47 UTC1595INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 4b 4b 34 5f 57 5a 55 4a 74 4f 33 6a 63 4a 4c 4e 68 31 5a 78 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5KK4_WZUJtO3jcJLNh1ZxA">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                              2025-01-02 19:31:47 UTC57INData Raw: 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              5192.168.2.549717142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:46 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              2025-01-02 19:31:47 UTC1595INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5YiLuvryoXxKhfBqqe0xbCDrMXUgM3saw2bx98XTPqTzi04-nMPYLchmCdSI89huPC
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:47 GMT
                                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-7p4cLkypOz6yskahQNBHwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Set-Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs; expires=Fri, 04-Jul-2025 19:31:47 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:47 UTC1595INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 52 78 65 49 4f 64 37 54 78 39 4e 51 79 7a 2d 62 52 35 5f 67 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZRxeIOd7Tx9NQyz-bR5_gA">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                              2025-01-02 19:31:47 UTC57INData Raw: 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              6192.168.2.549719142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:47 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:47 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:47 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-fjORhWay0ESauMOHAV8LQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              7192.168.2.549721142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:47 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              2025-01-02 19:31:48 UTC1601INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC4JdAF1hkWU2l0cJT8tD_SZQ-Bdr1B9ZUuYqTvmvcmJMXSC7Qf9RdY3pEtv7b4M3YiP-2K5Pg8
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:48 GMT
                                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-zhBdXgtmDjcWv86rNYtdCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Set-Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0; expires=Fri, 04-Jul-2025 19:31:48 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:48 UTC1601INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 76 56 37 6b 48 4a 2d 4b 39 45 30 4c 52 47 70 72 45 37 31 2d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EvV7kHJ-K9E0LRGprE71-A">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                              2025-01-02 19:31:48 UTC51INData Raw: 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: his server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              8192.168.2.549720142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:47 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:48 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:48 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ekMANh9aKs3iOOpvbd3xEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              9192.168.2.549722142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:47 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=V9XTLzz17R7L1ka_HjEBo1ojDDGPsOmOVJNvdm1jmTxc1RyESzyz1OLbU0VUvOIT6PGx-aSp3RD68iBhsJUUrXubWlnBitf8l9nHrGgXm_LHX3vKTkLSF4jaGF5PtFeLXTZ3OClND61zD0fvOAFVtelrtU30T7AG3oK796UJzdGIUWQH3mvrBrcv
                                                                                                              2025-01-02 19:31:48 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7r-uDKEdeFYNLh1inq4q2EZkJnpzmsN-dqaXeOzarfE60Dei37rEkAltKRcWBI3b5Z
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:48 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-aODRhxeb2rsRXkiUKSgSAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:48 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:31:48 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 41 71 59 30 5a 69 71 56 57 4e 6a 4b 57 52 63 50 66 6a 54 32 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="ZAqY0ZiqVWNjKWRcPfjT2w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:31:48 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              10192.168.2.549725142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:48 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:49 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:48 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-EQJScXcFr_6TPjLwKrJ9bQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              11192.168.2.549726142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:49 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:49 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:49 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-F58SEpY9HuzpNBUqo6l2mQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              12192.168.2.549727142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:49 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:31:49 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6uWJYp2ZF69EeRyDzhNMCcJgzBw0y6fjfIJO8FnAYHOVIwA0TYU3Y5UHioCwBstGWA
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:49 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Hk9SBORwENH-j5Hzyn_O9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:49 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:31:49 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 2d 6d 53 32 62 6c 73 73 67 56 31 43 6d 72 30 51 79 39 5a 52 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="W-mS2blssgV1Cmr0Qy9ZRw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:31:49 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              13192.168.2.549729142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:49 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              14192.168.2.549739142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:50 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:50 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:50 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-b135GXto23SdJwjhu4JNyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              15192.168.2.549738142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:50 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:50 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7V8skXCAkGZBscbD_d8VCCQCxpEb_7iJ-YFwyr-O2gU5VBW6WVBIY3Ipmogw1_OhNN
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:50 GMT
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-4vEbzj0c9NWRINqAU-0pkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:50 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:31:50 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 54 59 2d 32 35 61 30 49 47 55 68 68 38 6c 70 79 48 53 78 69 31 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="TY-25a0IGUhh8lpyHSxi1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:31:50 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              16192.168.2.549740142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:50 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:50 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:50 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-JBm1zOjew8AFsvIjld4upg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              17192.168.2.549745142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:51 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:51 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5jxo58V8megawoCbWSG5IhmqFo51cLsnqZhnTMRydVZ-yIHs8BrFQCwG8fMVLUJyQqV8WZeo8
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:51 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-putScOuga7P21EX4Ibfh8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:51 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:31:51 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 67 5f 44 73 45 73 55 4a 6f 50 69 79 4a 6e 73 48 76 6b 54 43 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="Eg_DsEsUJoPiyJnsHvkTCg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:31:51 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              18192.168.2.549744142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:51 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:51 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:51 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-_heoYEFx_CJ276oA3q1ccA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              19192.168.2.549746142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:51 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:51 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:51 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-w-rJaBZx8idzSQ0nnXIC0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              20192.168.2.549747142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:51 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:51 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6GQMJNECznHsxMGp133q7Gj50Qy3CJPmIKIDiCQEYv1WdDv3QEqXm9VDlzxVWI-N0G
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:51 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Y1lIA5HQVjFcunG6RVVZLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:51 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:31:51 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2d 74 79 5f 44 77 6d 69 5a 76 42 70 64 56 57 61 61 68 68 67 76 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="-ty_DwmiZvBpdVWaahhgvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:31:51 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              21192.168.2.549749142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:52 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:52 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:52 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-cWjuB8WpXWnSjzYqGbT7NQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              22192.168.2.549750142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:52 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:52 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7yeT-zNTdj-dR1jiaPsWZRRY4ROATkhxOrITiHKdIM8BT5iV5_XEpP1t6rDcGV2gKS
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:52 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-rAbo7rscW7ZdX8GB8VvPxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:52 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:31:52 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 46 6a 35 6e 5a 46 48 74 46 75 6c 59 6e 6e 64 4a 45 5f 67 32 4c 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="Fj5nZFHtFulYnndJE_g2Lw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:31:52 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              23192.168.2.549748142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:52 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:53 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:52 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-B3FtSPhD2rCHg8yaP-IjFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              24192.168.2.549751142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:52 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:53 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7cOQ0neXewoNPuARslPCDDJesXUB6lJez2RXN7oO_7xtptvs5FCobGCN3QrFemhW_M
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:53 GMT
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-8nw-5hiUgJP8YNxsj5ItJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:53 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:31:53 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 31 53 55 5a 63 71 72 71 4c 63 31 4d 36 43 52 49 38 55 39 71 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="c1SUZcqrqLc1M6CRI8U9qQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:31:53 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              25192.168.2.549755142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:53 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              26192.168.2.549756142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:53 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              27192.168.2.549757142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:53 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:54 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:54 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-_alwScJZ5EDJB68Cuc1qMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              28192.168.2.549763142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:54 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:54 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:54 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-B1yeSnc7qk8GasBQvhoQLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              29192.168.2.549770142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:54 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:55 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:55 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Ik7RQUd1gtNo-_v-e84zgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              30192.168.2.549769142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:54 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:55 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC66_FexK7EfOy0W_SgkF9hLRenNRivVSbtQbaRybPQLN6mhJ5G49iVKdyxN8YrJdBP3Tk3hjX4
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:55 GMT
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-1YjGbb_Ir7p4HAooOBtz5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:55 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:31:55 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 6f 70 59 62 51 61 66 77 54 5f 38 63 6c 77 36 6a 59 64 46 49 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="0opYbQafwT_8clw6jYdFIQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:31:55 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              31192.168.2.549776142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:55 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:55 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7JMkQ2DSqHaj-sQEhYGNT1CjmSscInyTgy8ApLmq9CMZYPiSoxgFdPlEOD_atM9Ks6
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:55 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-VL3R8B3dKJXovRmn8BjHHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:55 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:31:55 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 65 43 6d 6d 6a 71 2d 6a 34 69 7a 42 57 68 50 5f 75 4c 73 67 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="HeCmmjq-j4izBWhP_uLsgg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:31:55 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              32192.168.2.549777142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:55 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2025-01-02 19:31:55 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:55 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Ewl7uin9Ux2f9Wm6rhk7cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              33192.168.2.549780142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:56 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:56 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7TsXV3tpCi-sgtWSVsCXyTvoztp8viHyJvtR_6pfW2uacZkzxFT5MmFkzfZuRy3m4fbWKIUSE
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:56 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-LfR_i4XnPbwkdpJpBacxXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:56 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:31:56 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6c 38 76 30 5f 64 51 6a 52 37 58 74 57 5a 36 51 79 6f 68 5f 46 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="l8v0_dQjR7XtWZ6Qyoh_FA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:31:56 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              34192.168.2.549779142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:56 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=V9XTLzz17R7L1ka_HjEBo1ojDDGPsOmOVJNvdm1jmTxc1RyESzyz1OLbU0VUvOIT6PGx-aSp3RD68iBhsJUUrXubWlnBitf8l9nHrGgXm_LHX3vKTkLSF4jaGF5PtFeLXTZ3OClND61zD0fvOAFVtelrtU30T7AG3oK796UJzdGIUWQH3mvrBrcv
                                                                                                              2025-01-02 19:31:56 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:56 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0XM602hOOJe_EMJ5Nuv_Bg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              35192.168.2.549787142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:56 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:56 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC4Rw_7bpwdGGvoyMdeKuBWhfDDCyV_z6Ln_VcTwHszhiqSsEafVA2PTTqBhZotW0gs8zzBWxCA
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:56 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-_r7OzNT_9YPq9bNKhhEGRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:56 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:31:56 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6c 61 34 65 49 71 58 4b 7a 62 69 44 58 77 58 52 70 78 74 31 66 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="la4eIqXKzbiDXwXRpxt1fQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:31:56 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              36192.168.2.549786142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:56 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=V9XTLzz17R7L1ka_HjEBo1ojDDGPsOmOVJNvdm1jmTxc1RyESzyz1OLbU0VUvOIT6PGx-aSp3RD68iBhsJUUrXubWlnBitf8l9nHrGgXm_LHX3vKTkLSF4jaGF5PtFeLXTZ3OClND61zD0fvOAFVtelrtU30T7AG3oK796UJzdGIUWQH3mvrBrcv
                                                                                                              2025-01-02 19:31:56 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:56 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-7BV9TvLz6Ctfe7noW5A5rA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              37192.168.2.549792142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:57 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:31:57 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:57 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-OhPAnWHeCRrV44Prw1xEKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              38192.168.2.549793142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:57 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:31:57 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6Ts0D78Ex0xUJCp3q1BOLkY1j5h_MQiN8bex05q4OIYwAYENxUHO0qUkbHb5WUrvj_
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:57 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-_vBE4mLNnLik_6nX3BlflQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:31:57 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:31:57 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 4f 4c 42 69 46 2d 4f 75 58 44 45 64 37 2d 72 70 66 53 68 41 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="nOLBiF-OuXDEd7-rpfShAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:31:57 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              39192.168.2.549796142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:57 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              40192.168.2.549797142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:57 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              41192.168.2.549804142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:58 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:31:58 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:58 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-vKfm8Jg1of3S4jlstNfDXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              42192.168.2.549805142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:58 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:31:58 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:58 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-XCMWKk7MjdOOWQEdvRPiAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              43192.168.2.549812142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:59 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:31:59 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:59 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-uLqGO0_FUDQhOuJxADf6sA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              44192.168.2.549815142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:59 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:00 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC50finYrAnR8etU2nRcDzmQzd2rSN8GKG50cO_v2gGha4vtS3DhFLJ6-a4ecRptb7q_dbdttWQ
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:59 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ffuVu8BLGV5eUS-AlRYZWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:00 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:00 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 36 75 48 6b 70 54 47 67 50 6f 6e 68 46 32 78 51 67 66 59 77 6d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="6uHkpTGgPonhF2xQgfYwmA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:00 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              45192.168.2.549816142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:59 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:00 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6qSpwQ_N50en-QeKuDjmCVamWUG4YK7KJ1uSeJ3UmxFIxtL9UyrnQZrBZaS_1b-hdc
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:00 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0Tyznfb6MoU9OLwDEPo3pQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:00 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:00 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 43 39 43 71 6d 6b 55 64 58 52 33 44 6a 44 39 75 31 79 73 49 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="5C9CqmkUdXR3DjD9u1ysIA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:00 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              46192.168.2.549813142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:31:59 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:31:59 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:31:59 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ObeK630PyDw4GOydI3lUzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              47192.168.2.549827142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:00 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:32:01 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:01 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-6y4GDJpvb8rpW47mpLoZNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              48192.168.2.549828142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:00 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:32:01 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:01 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-hm0EtYGE5r_J-EBbcZHSfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              49192.168.2.549829142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:01 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              50192.168.2.549830142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:01 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              51192.168.2.549841142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:02 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:03 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7O9VzABE8fffwPvDhSnozuu5okRuIf1jU5JLUzrvO7nAx_eWzQEf41mrc9tdgKtwa4tX1Axpo
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:03 GMT
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-MuZOrTYAOieEZfkwhHO2RQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:03 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:03 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 45 45 65 38 7a 51 2d 52 6c 4c 41 44 6d 6d 6b 49 79 69 6f 30 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="5EEe8zQ-RlLADmmkIyio0g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:03 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              52192.168.2.549840142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:02 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:03 UTC1242INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5BSCzRcVd1ABxaByWajGEZVYkdbbF3IDo-zjKDHmIQsVplTx12phJ2qYh29AIyLPc
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:03 GMT
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-gfAfJ1dDoc5lN7aE_iWXIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:03 UTC148INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not
                                                                                                              2025-01-02 19:32:03 UTC1390INData Raw: 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 52 2d 65 6c 6e 38 4b 6d 50 31 4c 62 32 4f 64 31 41 5f 35 66 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a
                                                                                                              Data Ascii: Found)!!1</title><style nonce="dR-eln8KmP1Lb2Od1A_5fw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:
                                                                                                              2025-01-02 19:32:03 UTC114INData Raw: 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              53192.168.2.549842142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:02 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:32:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:03 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-vJTH1x2blQ_ox_Z9vlfhAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              54192.168.2.549839142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:03 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TCAYwB1HRgpzRu-PpuoI63c4b4d9YMtPoQdigAaSoygM_YeEXfxqQdFA2zbwFNqGdNHfyEOLwWK39NxObLO0lYyFmQh7z1MbKETR2doBH-IcdeU_ZrmFvqzc5QTBVp_8tR29P71-0Al0rl5nWiux-AVU9yXCwXg23Vm490VGqynCpjciBpIo3Fqs
                                                                                                              2025-01-02 19:32:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:03 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-AhKgShvUq-xjoY9bLpAWNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              55192.168.2.549850142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:03 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:04 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:04 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-wt3-I3v_Vs_PA9nGVmxU3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              56192.168.2.549853142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:04 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:04 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5odHYAS9O9CXWWQTUoRCgqVOEPPD_hBejZZYmRJIq-5zaQFn6zigMuxKw4ohm9g-Hf
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:04 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-3AvN4kizdQesmFgK5zJp3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:04 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:04 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 33 45 51 68 46 51 42 6e 61 49 7a 32 75 54 68 46 39 6d 2d 4e 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="U3EQhFQBnaIz2uThF9m-Nw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:04 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              57192.168.2.549857142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:04 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:04 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:04 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-usumDfGnGq3RcFZSsouljw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              58192.168.2.549858142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:04 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:04 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC74WGs542qSHtyjvKt1EdVWXPWBk0YZp5CyT1fhTfd21HwxOpfiuzPGtrphzruf3FLS
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:04 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-YdV9Wacqws8Rbs7OdeF8iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:04 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:04 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 52 58 56 4e 71 6f 37 46 44 36 4e 50 63 37 71 58 51 55 73 4b 33 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="RXVNqo7FD6NPc7qXQUsK3Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:04 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              59192.168.2.549864142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:04 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:05 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:05 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-gRiomv2XiW-vEKebMNkVXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              60192.168.2.549868142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:05 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:05 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5clwSx16-ojHEoeZ2cnkqLnMEc8NbfpxR9rFO6hKHFWoE88BA8AFI6Om6mszon3AaE
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:05 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0zDGy59hmw5TOS9EX8zcRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:05 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:05 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 49 64 31 52 75 67 6e 2d 73 51 6c 47 38 36 70 38 2d 6b 54 41 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="HId1Rugn-sQlG86p8-kTAw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:05 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              61192.168.2.549869142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:05 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:05 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:05 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-70rwyEWN65cNyOBWvvXiiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              62192.168.2.549870142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:05 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              63192.168.2.549881142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:06 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:06 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:06 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-fsWCCxn2eBZlsXeyQpRZTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              64192.168.2.549883142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:06 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:06 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC42xxYH_0-Aa87F0WB2IsRCGINzpCTuXaJyBs4-dbKkVEz4Iv8PgFyN2ydZMlRB3rb1VXE6J-I
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:06 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-NfpncCJ3-A2UoIaMoG0_pQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:06 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:06 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5f 32 59 6b 56 6d 64 68 58 57 59 70 33 6e 47 4d 54 53 61 55 41 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="_2YkVmdhXWYp3nGMTSaUAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:06 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              65192.168.2.549882142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:06 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:06 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:06 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-l4_UbQ8mtlYS8SbQiZwGpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              66192.168.2.549893142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:07 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:07 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC4_UI8YlCQy0GHm-08G_an8EyAriVVciRBCwwK20KmS1TYtl3z0cjmC0bx9H-GqMgAn
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:07 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-jFMKBizQ3cQr_4Bmhsu23Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:07 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:07 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 63 31 5a 6b 6e 48 37 52 5a 74 33 4e 67 66 5f 44 51 73 75 36 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="Xc1ZknH7RZt3Ngf_DQsu6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:07 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              67192.168.2.549892142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:07 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:07 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Cm60-vEoCtGASZd-XFXpuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              68192.168.2.549896142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:07 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:08 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC73MbiBmEaSCZJWTcVnq886XoVitilneFgPGCk-stO3EExWLrS_npJZ7WLbiS5HkC5ST_l9i5w
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:07 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-VxqTBDMkzk-l2HYd2FS7fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:08 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:08 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 75 67 73 33 51 61 65 44 42 77 2d 5a 50 52 48 77 48 72 52 5a 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="Eugs3QaeDBw-ZPRHwHrRZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:08 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              69192.168.2.549895142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:07 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:07 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-XU8U3rsBFNh4OzctK0nmQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              70192.168.2.549904142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:08 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:08 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:08 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-LfxvpxVTCYpU73dub_Kqyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              71192.168.2.549905142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:08 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:09 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC58bOdH0eE-rAyO3mkLNCkOKEgOaRaJB6vx22wgYht6Funmh1UbbEBxwOtmHzCdBfLuk75_208
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:08 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-KkNdZYerXBSeNMvIpnnYPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:09 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:09 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 72 41 63 32 59 59 76 59 65 6c 43 65 33 4e 51 69 52 77 44 38 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="rrAc2YYvYelCe3NQiRwD8Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:09 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              72192.168.2.549906142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:08 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:08 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:08 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ahw3vtizCPfmUAgTx3_9Og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              73192.168.2.549908142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:08 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:09 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5eFBEKZqsaXVPuXQfs031QDEG_3toHipBiWk1jxyE1tdbaH9jXMwYnUza-u1y-ZhdI
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:09 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ru0ebaPNHr0dOkZzxJNPaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:09 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:09 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 43 46 67 65 54 51 42 45 67 72 52 30 54 61 44 49 31 45 6e 71 63 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="CFgeTQBEgrR0TaDI1Enqcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:09 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              74192.168.2.554876142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:09 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              75192.168.2.554877142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:09 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              76192.168.2.554879142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:09 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              77192.168.2.554888142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:10 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:10 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-9JX5YvdPbJbCkIWB72ateQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              78192.168.2.554887142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:10 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:10 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-f_tTFHnTo_3vUeGpnMlHyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              79192.168.2.554896142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:11 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:11 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:11 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-QMa2ZPs8j1YIWdUD2TfqRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              80192.168.2.554897142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:11 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:11 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC4ZpnsPSFfb7WeoF39fNcl6viaDlJe0EQPloso31K9n3t1yfR_8KYX40OtmHXGge-PF
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:11 GMT
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-3ThIJwKxXg6MZCl7OJ98Yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:11 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:11 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 48 48 36 6c 4b 34 64 62 31 4e 73 75 63 39 4b 46 4f 54 78 70 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="7HH6lK4db1Nsuc9KFOTxpA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:11 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              81192.168.2.554899142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:11 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:12 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5p5X35RInSmlNHDv8nrK60-VaNR5uAoJld6cQtlHrgiqcdGprZfJzP7Ks_Up8sLycA
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:11 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-n84Ed1s-slsyWcXOj_3tWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:12 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:12 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 42 47 5a 46 62 76 5a 33 55 47 54 78 4a 38 34 50 58 41 53 79 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="UBGZFbvZ3UGTxJ84PXASyw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:12 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              82192.168.2.554898142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:11 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:11 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:11 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-GWmbmlTKWQl5hJLqGEVulQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              83192.168.2.554909142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:12 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:12 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:12 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-cRswwwdv5u6ogxEZnMkz-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              84192.168.2.554911142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:12 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:13 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5rsfMqpe2hpQRgEHRi7_Go0VlxW9BPQTeYlD2OpptmsD8Mg5vf5N_fcwe0k0Wu9oeo
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:12 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-FVOCbvQHXmHoVScclUL69w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:13 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:13 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 68 59 75 6b 74 58 6f 61 59 74 4e 56 37 50 4d 52 6e 49 6f 4f 67 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="hYuktXoaYtNV7PMRnIoOgA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:13 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              85192.168.2.554910142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:12 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:13 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:12 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-lKnoX92cAgIDfMISrDBuBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              86192.168.2.554914142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:12 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:13 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7oJgN8BJJBlt4YpZRapCFGQ7v23cBf4Y51Zo5SWwLNAmyXVvz6Qz5ZL0SYaJSg5y5r
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:13 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-p7zyKA1blRTOAopvSSFvIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:13 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:13 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 6a 43 78 35 70 41 4a 6b 42 79 4c 68 4a 37 5f 75 5a 78 34 57 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="ojCx5pAJkByLhJ7_uZx4Ww">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:13 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              87192.168.2.554923142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:13 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              88192.168.2.554922142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:13 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              89192.168.2.554924142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:13 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              90192.168.2.554932142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:14 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:14 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:14 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-0jGlPcnZ2YUDryp4GNS2ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              91192.168.2.554933142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:14 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:14 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:14 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-4Cd469_OiIta66ZL4_Zayg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              92192.168.2.554940142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:15 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:15 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:15 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-278nQ3GK9cXU1Znhip9vMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              93192.168.2.554941142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:15 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:15 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6krn3fcccAZyvu0ku93iUGKC31OdMNEJ7oxkim-kQ1cd97E0r0yVyalI4I2JpxtqRAv1Lxslk
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:15 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-zYGH0ywjRo-afNUSZqPNxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:15 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:15 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 59 37 74 50 4d 36 4b 42 45 73 31 31 68 6b 61 77 75 59 41 55 56 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="Y7tPM6KBEs11hkawuYAUVw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:15 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              94192.168.2.554943142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:15 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:16 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5Z5KEGTeJ7u6uI50Ju-nHnMnD24YqHB8cZTMYYFVEGhFd9AXhKeRXdHGKvkAOGcF9W3UVEKWw
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:15 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-nr68BCZVT-ioOGoA13V0gg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:16 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:16 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4f 47 76 51 4b 30 6a 49 35 33 6b 74 5f 30 6c 45 6f 75 41 6d 6f 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="OGvQK0jI53kt_0lEouAmoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:16 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              95192.168.2.554942142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:15 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:15 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:15 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-WMCpDfAit81_XvPB2nnpEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              96192.168.2.554951142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:16 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:16 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:16 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-eXMsavyETiXTy1KI2xLKUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              97192.168.2.554954142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:16 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:17 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6QVcj4vwTJxED8DQkQNvi7k86c7JTjmlukcQSDs3bAp-DdbmwVKGSNgH8DiYrgNL_K
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:16 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-1MiJSKnipUtvx-ZbC8aySQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:17 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:17 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 69 30 44 49 36 4a 49 4b 53 77 73 65 68 4e 73 7a 64 36 30 79 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="zi0DI6JIKSwsehNszd60yg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:17 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              98192.168.2.554952142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:16 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:17 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:16 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-aG6_wB8jb6ACe3Bruus1bQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              99192.168.2.554956142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:16 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:17 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5_ep2ajqsR6SKjrjR0_ARRvDMgSebuhEtgMgT36puzO-hE9kWvBGwxtPGilT3VLtxkpLzgecE
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:17 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-TQRsyfoFvLc17_edTxRcMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:17 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:17 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 62 4f 6c 41 78 62 43 56 41 2d 72 59 43 6d 59 7a 32 2d 77 31 75 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="bOlAxbCVA-rYCmYz2-w1uA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:17 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              100192.168.2.554962142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:17 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              101192.168.2.554964142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:17 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              102192.168.2.554966142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:17 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              103192.168.2.554974142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:18 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:18 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:18 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-7keSeE3uAa7U4Ym88ujygA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              104192.168.2.554975142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:18 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:18 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:18 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-oAtONagCpRGqvlLwforQFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              105192.168.2.554982142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:19 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:19 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:19 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-fIWVztdq9F00ar1kfgpyQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              106192.168.2.554983142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:19 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:19 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7gxjS5Y827OPBB5R18UmOiXVAPgo7ryNDvdYS6yCQxf8f5CkudpjNVGGd5AIFMgPwz
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:19 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-r-c1Eh_UHCwLtTymdezJ1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:19 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:19 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 49 64 32 6e 6c 74 55 7a 77 62 77 34 61 4e 71 31 4b 34 76 46 6f 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="Id2nltUzwbw4aNq1K4vFog">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:19 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              107192.168.2.554984142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:19 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:20 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6vuCSeQQMmbcrwZO8qdctk9PF0ry2PnEX0PgDJGOMDrswFjMz9eqBBAgQv3hdZPzx_
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:19 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-5tQReMaflSaNFI46pIKF1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:20 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:20 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 6c 48 65 6a 41 70 70 45 37 54 73 6b 68 32 6a 43 4b 71 4c 71 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="glHejAppE7Tskh2jCKqLqg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:20 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              108192.168.2.554985142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:19 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:19 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:19 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-7thxi4f4O1XfUaNKRhcZzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              109192.168.2.554994142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:20 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:20 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:20 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-MHuOTUekIlnHtc1hq9iYHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              110192.168.2.554995142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:20 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:21 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5t3t9vGsMNSjk31kfSqoAPI5ubrfY8EuRQJALcNYAq3bH9wWlZMvUjhEYEXGuYZ4CX
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:20 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-DhC2m1_eqY_QFN0P7jwamw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:21 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:21 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 36 6a 79 6f 4c 77 4c 78 6b 64 5a 65 64 32 36 42 4a 2d 43 51 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="G6jyoLwLxkdZed26BJ-CQA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:21 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              111192.168.2.554997142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:20 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:21 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:20 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-c0Oe0kxOukoVYT1CHkdd6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              112192.168.2.554998142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:20 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:21 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6HuGEdtYCK9m9mmupGhoKfED1Q-QsH2wk6Rw0HllyghBEdU-tCi-kpOpHZxHb-gnPu
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:21 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce--dzFa31-QLliNfaXAKwnug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:21 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:21 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 6e 59 73 75 5a 6a 6f 58 51 57 6a 50 65 37 4c 59 32 4e 58 37 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="EnYsuZjoXQWjPe7LY2NX7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:21 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              113192.168.2.555006142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:21 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              114192.168.2.555008142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:21 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              115192.168.2.555009142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:21 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              116192.168.2.555016142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:22 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:22 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:22 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-gPHSvRrBk_1pHr4PYnFJjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              117192.168.2.555017142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:22 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:22 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:22 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-8z5OFW-c_jF5VlxFaF_5hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              118192.168.2.555027142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:23 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:24 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7JfdyxbR4J3MwaG2BkHaOSw8DUep14h5bGnEa8AN_Xh3SJI2hEHT0OvmpHsUypNZB_
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:24 GMT
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-7zLQ5jSYIYvOWDwwRQkkYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:24 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:24 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 76 71 7a 6b 59 39 67 44 4c 61 37 50 53 45 58 6e 70 42 6a 6f 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="yvqzkY9gDLa7PSEXnpBjoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:24 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              119192.168.2.555025142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:23 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:24 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC4OsAl4Q1BVqY4dtWdOssaRYmgtWl_29Z4irQYgus5TwyttUtHOSG1FLpSoQTW64G9ltDULgyY
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:23 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-felKp3KRz4JpfIurQBkbqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:24 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:24 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 71 33 4c 68 71 30 6a 51 4e 38 32 4c 55 58 4c 6f 47 70 42 6f 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="kq3Lhq0jQN82LUXLoGpBoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:24 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              120192.168.2.555026142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:23 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:23 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:23 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-bV-tR_Owm1PYSLoXXRQm8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              121192.168.2.555024142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:23 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:24 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:23 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-7kxsEpU81Xt9Nd2JGQvtGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              122192.168.2.555034142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:24 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:24 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:24 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-OoYkzMTFujTxoAI3bY8xWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              123192.168.2.555036142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:24 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:25 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7Jj2JnNpfvC8awdAYOW5O8Ltk0QGETUlROvg_7CHEvjR12yEYJF7IKhvAfmQj-eoGU
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:24 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-mrv_7yks-ZLxc2cd0id0vQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:25 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:25 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 5a 70 4b 32 34 6d 57 71 6c 34 62 52 43 48 31 72 62 35 59 78 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="dZpK24mWql4bRCH1rb5Yxw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:25 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              124192.168.2.555038142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:24 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:25 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:24 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-gSf9ieSsXRCtrc89zu0pIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              125192.168.2.555040142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:24 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:25 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC7egf8DCDMPHVbmulziHdbpeDimduHvEuJpEhwpGUezH6flhYqesDzxkWxFBZmOZmATqy4jaWs
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:25 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-IhzwxZv5osVGVLeaIAwL7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:25 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:25 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 68 73 51 34 42 4f 79 6e 5f 63 71 41 56 50 4b 63 50 61 39 4e 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="thsQ4BOyn_cqAVPKcPa9NQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:25 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              126192.168.2.555048142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:25 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              127192.168.2.555051142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:25 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              128192.168.2.555050142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:25 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              129192.168.2.555059142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:26 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:26 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:26 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-e7n8bA0rKt5XlDuGuASfQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              130192.168.2.555058142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:26 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:26 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:26 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-OSHej2of-7lDCjbTGm4x-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              131192.168.2.555068142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:27 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:27 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6NX45v6C7p7jEprw7POBhSg9JtupbGtykVOAW-E2sCZ1GBI8VWsXbdAv8PB5lZ_RrwvBWMZGc
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:27 GMT
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-687n_2YPB1WRC7QThWv38A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:27 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:27 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 76 69 53 71 4f 49 79 73 72 56 6f 69 37 72 4f 30 67 72 45 43 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="HviSqOIysrVoi7rO0grECQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:27 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              132192.168.2.555067142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:27 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:27 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:27 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-F3ejhjGjHviRPDAyDW1rLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              133192.168.2.555069142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:27 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:27 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:27 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-1Frp0PQQcNIZDG3Osmjtng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              134192.168.2.555070142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:27 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:28 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6pPEkzCNyRjuwBJ6ZxC1ptIstfGt4xzPTgt2tqFFB7PCp5aydi2zv5PpyXkdNYezWN
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:27 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-L5VFBJc4Dp8NSUUPxReDIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:28 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:28 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 69 6b 51 66 35 78 4b 54 6f 38 71 54 59 68 7a 69 37 35 49 64 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="LikQf5xKTo8qTYhzi75Idg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:28 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              135192.168.2.555078142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:28 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:28 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:28 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-m-DTmxFDCEk6EePuWpUhAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              136192.168.2.555079142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:28 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:29 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:28 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-AVNBHVeZKfOl5tKVxdvrmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              137192.168.2.555080142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:28 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:28 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6elQ3xQwZvi19pmxqgeSqeFCot6ftfOtyrmL1bEfb-snklM_e_ZCcEDBTgwamlRLio
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:28 GMT
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-i3ALMUqt8Pdybk7AvwsBng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:28 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:28 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 5a 65 43 69 37 74 31 71 79 72 46 5f 55 39 74 71 78 43 36 6c 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="0ZeCi7t1qyrF_U9tqxC6lQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:28 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              138192.168.2.555083142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:28 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:29 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC77YHfupVpgmWtbyVAQUnqYNnsrJAFeaYgUN3077w8VNBdTGkmMB75dS9qQjjJtWLPy
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:29 GMT
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-ga11EpShjUvcYDmgLr3Mcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:29 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:29 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 45 74 4b 54 70 76 46 4d 33 6f 42 71 2d 73 79 33 4e 71 50 4f 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="kEtKTpvFM3oBq-sy3NqPOw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:29 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              139192.168.2.555090142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:29 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              140192.168.2.555092142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:29 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              141192.168.2.555093142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:29 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              142192.168.2.555095142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:29 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:30 UTC1250INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5b7ph9J90fbwasitHaz9WKPfa5tNKX7gDdF4jsR7BbQD5S6zku7pUyT55yw6LimId51u2U6j4
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:30 GMT
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-__JDGlajdVvcAl5stH6V2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:30 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                              2025-01-02 19:32:30 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 68 63 38 32 63 73 7a 43 66 66 53 53 68 73 68 63 72 62 49 78 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                              Data Ascii: 404 (Not Found)!!1</title><style nonce="Jhc82cszCffSShshcrbIxA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                              2025-01-02 19:32:30 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              143192.168.2.555099142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:30 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:30 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:30 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-lO6dNLxwR7HuXcEVy1J29w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              144192.168.2.555100142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:30 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:30 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:30 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Mm8545qPNtVxMf055kNlzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              145192.168.2.555108142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:31 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:31 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC5ez8FRLQbqZxaHm2wJvPN4PT37XFGL5HoYmFMRX2PF-tuDsOQo8e8gIctCvb6ecaw2
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:31 GMT
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-l7OYChzCdLFcGsvAJuE3yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:31 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:31 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 65 46 51 37 32 4b 4d 4a 53 56 73 6c 66 75 59 71 52 75 6c 54 41 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="eFQ72KMJSVslfuYqRulTAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:31 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              146192.168.2.555107142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:31 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:31 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:31 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-WGDvTD-aHiRF_Nz3NUgJoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              147192.168.2.555110142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:31 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:32 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC6RAqCw7OgM1cULKpmh-xT9o1L7kKhXENHOgDw-czjLBLELWeB2BhhAZPUzsLZ3UqKQ
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:31 GMT
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-31V7qBfjCMqMavwDZ1EajA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:32 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:32 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 74 43 57 47 58 46 77 44 4a 6d 4a 33 53 5f 44 6a 39 67 47 5f 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="HtCWGXFwDJmJ3S_Dj9gG_Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:32 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              148192.168.2.555109142.250.185.1744435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:31 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Host: docs.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:31 UTC1314INHTTP/1.1 303 See Other
                                                                                                              Content-Type: application/binary
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:31 GMT
                                                                                                              Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-2VG_da_IiW2FonAqqAko1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Server: ESF
                                                                                                              Content-Length: 0
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              149192.168.2.555118142.250.185.654435796C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-02 19:32:32 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                              User-Agent: Synaptics.exe
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: drive.usercontent.google.com
                                                                                                              Connection: Keep-Alive
                                                                                                              Cookie: NID=520=TnVObXFrcTwjYETZ82xcmY1p5HMhtacIwm_ad0w6hgRVvM3lRhVKd6v2Y-wG_K8ibSoMyXw0xXfsdFIamqme4LimVlsCA8OwejzbcPjKUM4WRWKNJnHklUfS0s_DyN4YBsrkLqWCW2yYGuDyMfwbQZ4NW6YIquhHCJqhzNqp-V_k2sLJGgdsfU0
                                                                                                              2025-01-02 19:32:32 UTC1243INHTTP/1.1 404 Not Found
                                                                                                              X-GUploader-UploadID: AFiumC54v3YBaaPzb0_ZVE03sOWPWWWR_MAHeJ8wQWZ5hP2L6u7gqqDGsncRDgc1zHLbfYSD
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Thu, 02 Jan 2025 19:32:32 GMT
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-6hxqI10Yk600NnN3iX8sAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Content-Length: 1652
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Content-Security-Policy: sandbox allow-scripts
                                                                                                              Connection: close
                                                                                                              2025-01-02 19:32:32 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                              Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                              2025-01-02 19:32:32 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 41 6d 52 4d 55 42 33 32 37 6b 73 6a 57 69 6f 4a 4b 53 36 52 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                              Data Ascii: t Found)!!1</title><style nonce="cAmRMUB327ksjWioJKS6RQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                              2025-01-02 19:32:32 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                              Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Click to jump to process

                                                                                                              Memory Usage

                                                                                                              Click to jump to process

                                                                                                              High Level Behavior Distribution

                                                                                                              Click to dive into process behavior distribution

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              General

                                                                                                              Target ID:0
                                                                                                              Start time:14:31:36
                                                                                                              Start date:02/01/2025
                                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                              Imagebase:0x400000
                                                                                                              File size:5'844'992 bytes
                                                                                                              MD5 hash:0C5DC3D854163DB3F05E69DA8C482963
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:Borland Delphi
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.2053239114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:2
                                                                                                              Start time:14:31:36
                                                                                                              Start date:02/01/2025
                                                                                                              Path:C:\Users\user\Desktop\._cache_file.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\._cache_file.exe"
                                                                                                              Imagebase:0x1000000
                                                                                                              File size:5'073'240 bytes
                                                                                                              MD5 hash:B88228D5FEF4B6DC019D69D4471F23EC
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                              Reputation:moderate
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:3
                                                                                                              Start time:14:31:37
                                                                                                              Start date:02/01/2025
                                                                                                              Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                              Imagebase:0x400000
                                                                                                              File size:771'584 bytes
                                                                                                              MD5 hash:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:Borland Delphi
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Avira
                                                                                                              • Detection: 100%, Avira
                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                              • Detection: 89%, ReversingLabs
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:4
                                                                                                              Start time:14:31:38
                                                                                                              Start date:02/01/2025
                                                                                                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                              Imagebase:0x260000
                                                                                                              File size:53'161'064 bytes
                                                                                                              MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:5
                                                                                                              Start time:14:31:38
                                                                                                              Start date:02/01/2025
                                                                                                              Path:C:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe
                                                                                                              Imagebase:0x680000
                                                                                                              File size:78'152 bytes
                                                                                                              MD5 hash:006F8A615020A4A17F5E63801485DF46
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                              Reputation:moderate
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:13
                                                                                                              Start time:14:32:40
                                                                                                              Start date:02/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 13876
                                                                                                              Imagebase:0x2e0000
                                                                                                              File size:483'680 bytes
                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:14
                                                                                                              Start time:14:33:41
                                                                                                              Start date:02/01/2025
                                                                                                              Path:C:\Windows\splwow64.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\splwow64.exe 12288
                                                                                                              Imagebase:0x7ff7edf20000
                                                                                                              File size:163'840 bytes
                                                                                                              MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              Disassembly

                                                                                                              Reset < >

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:29.3%
                                                                                                                Dynamic/Decrypted Code Coverage:74.3%
                                                                                                                Signature Coverage:43.6%
                                                                                                                Total number of Nodes:690
                                                                                                                Total number of Limit Nodes:20
                                                                                                                execution_graph 2529 1005899 InitializeCriticalSectionAndSpinCount #17 GetProcessHeap 2593 1002fb2 2529->2593 2532 100590c 2595 100400d GetModuleFileNameA 2532->2595 2536 1005e6a 2541 1005e72 DeleteCriticalSection 2536->2541 2542 1005e83 ExitProcess 2536->2542 2537 1005960 CreateEventA CreateThread 2539 1005905 2537->2539 2540 1005989 WaitForSingleObject 2537->2540 3272 1003941 DialogBoxParamA 2537->3272 2538 1005919 2803 10027cb GetVersionExA 2538->2803 2866 1003892 2539->2866 2544 10059aa 2540->2544 2581 1005922 2540->2581 2541->2542 2545 10059e4 SendDlgItemMessageA SendDlgItemMessageA SendDlgItemMessageA 2544->2545 2546 10059b8 Sleep ShowWindow SetParent 2544->2546 2547 1005a25 2545->2547 2546->2547 2548 1005a96 2547->2548 2611 1003c0f CreateFileA 2547->2611 2618 1004f6b 2548->2618 2552 1005a39 2615 100673e 2552->2615 2553 1005b98 2559 1005ba8 CreateFileA 2553->2559 2554 1005a9b 2554->2553 2555 1005b53 2554->2555 2556 1005ab8 8 API calls 2554->2556 2703 10076cb 2555->2703 2556->2555 2560 1005bcb GetFileSize 2559->2560 2559->2581 2807 1003be7 RtlAllocateHeap 2560->2807 2561 1005b6d 2561->2553 2568 1005c3b 2561->2568 2561->2581 2562 1005a76 2562->2548 2564 1005a89 ShowWindow 2562->2564 2562->2581 2564->2548 2566 1005be9 ReadFile 2567 1005c1f CloseHandle 2566->2567 2569 1005c02 2566->2569 2570 1005c34 DeleteFileA 2567->2570 2567->2581 2571 1005c56 2568->2571 2714 10046b9 2568->2714 2569->2567 2570->2568 2572 1005dd6 2571->2572 2576 1005c76 2571->2576 2571->2581 2573 1005e15 2572->2573 2574 1005dde ShowWindow LoadStringA MessageBoxA 2572->2574 2573->2536 2579 1005dca 2573->2579 2574->2573 2577 1005c91 SetEnvironmentVariableA SetEnvironmentVariableA SetEnvironmentVariableA 2576->2577 2578 1005c7e SendDlgItemMessageA 2576->2578 2795 10037bf GetEnvironmentVariableA 2577->2795 2578->2577 2579->2573 2579->2581 2829 1003972 OpenEventA 2579->2829 2581->2536 2581->2539 2584 1005cca ExpandEnvironmentStringsA 2584->2539 2585 1005cec 2584->2585 2585->2539 2586 1005d36 CreateProcessA 2585->2586 2586->2539 2587 1005d80 2586->2587 2588 1005d95 WaitForSingleObject GetExitCodeProcess CloseHandle 2587->2588 2589 1005d88 ShowWindow 2587->2589 2811 1002821 2588->2811 2589->2588 2594 1002fb4 CreateEventA 2593->2594 2594->2532 2594->2539 2596 1004030 2595->2596 2878 1003e3a 2596->2878 2601 1004475 2601->2537 2601->2538 2602 100406d 2603 100421e GetFileAttributesA 2602->2603 2607 1004241 2602->2607 2603->2602 2603->2607 2604 1004333 _strnicmp 2605 100436a _strnicmp 2604->2605 2604->2607 2605->2607 2606 1004448 _strnicmp 2606->2607 2607->2601 2607->2604 2607->2606 2608 100441c _strnicmp 2607->2608 2609 10043e8 _strnicmp 2607->2609 2610 1003892 29 API calls 2607->2610 2608->2607 2609->2607 2610->2605 2612 1003c37 2611->2612 2613 1003c3d SetFilePointer 2611->2613 2614 1003892 29 API calls 2612->2614 2613->2552 2614->2613 2908 1003c58 ReadFile 2615->2908 2616 1006756 2616->2562 2619 1004fe4 2618->2619 2620 1004ff0 2618->2620 2621 10045eb 36 API calls 2619->2621 2624 100555c 2620->2624 2912 1003d02 AllocateAndInitializeSid 2620->2912 2621->2620 2628 10062ff 4 API calls 2624->2628 2625 1005022 InitializeSecurityDescriptor 2626 10050b5 2625->2626 2627 1005038 InitializeAcl 2625->2627 2629 10050e6 GetSystemDirectoryA 2626->2629 2633 10050d1 GetCurrentDirectoryA 2626->2633 2627->2626 2631 1005050 AddAccessAllowedAce 2627->2631 2632 1005567 2628->2632 2926 10029c2 GetSystemDirectoryA 2629->2926 2630 1003892 29 API calls 2635 100559d 2630->2635 2631->2626 2636 1005071 AddAccessAllowedAce 2631->2636 2632->2554 2637 10054ce 2633->2637 2641 1005702 2635->2641 2642 10055d2 2635->2642 2700 10055e4 2635->2700 2636->2626 2639 1005087 AddAccessAllowedAce 2636->2639 2643 1005570 2637->2643 2647 10054e8 2637->2647 2638 1005112 2646 100512c QueryDosDeviceA 2638->2646 2675 1005295 2638->2675 2677 10051c5 GetDiskFreeSpaceA 2638->2677 2938 1002b13 GetDriveTypeA 2638->2938 2946 10028d9 SetErrorMode SetErrorMode GetTickCount 2638->2946 2639->2626 2640 100509d SetSecurityDescriptorDacl 2639->2640 2640->2626 2644 100572a 2641->2644 2649 1005712 strstr 2641->2649 2653 10055ec DosDateTimeToFileTime LocalFileTimeToFileTime SetFileTime CloseHandle 2642->2653 2642->2700 2643->2624 2648 10045eb 36 API calls 2643->2648 2650 1005789 2644->2650 2657 100573a _stricmp 2644->2657 2645 10062ff 4 API calls 2651 1005892 2645->2651 2646->2638 2652 100515b _strlwr strstr 2646->2652 2647->2624 2654 10054ed DialogBoxParamA 2647->2654 2666 100501b 2647->2666 2685 10045eb 36 API calls 2647->2685 2656 100558a 2648->2656 2649->2644 2649->2700 2655 10057ad 2650->2655 2662 100579e SendDlgItemMessageA 2650->2662 2674 100564d 2650->2674 2651->2554 2652->2638 2658 1005184 strstr 2652->2658 2659 1005644 2653->2659 2660 1005667 2653->2660 2654->2647 2654->2666 2969 100447f 2655->2969 2656->2624 2656->2666 2657->2650 2664 100574e 2657->2664 2658->2638 2661 1005657 SendDlgItemMessageA 2659->2661 2659->2674 2663 10056a0 2660->2663 2670 1005684 MoveFileExA 2660->2670 2661->2660 2662->2655 2671 1003e3a 30 API calls 2663->2671 2663->2700 2667 1003be7 30 API calls 2664->2667 2666->2630 2667->2674 2668 1003892 29 API calls 2668->2700 2670->2663 2670->2674 2683 10056b0 2671->2683 2674->2668 2674->2700 2675->2666 2680 1005347 CryptAcquireContextA 2675->2680 2676 1005836 CreateFileA 2678 10057e4 GetLastError 2676->2678 2679 100585a SetFilePointer SetEndOfFile SetFilePointer 2676->2679 2677->2638 2682 100581a 2678->2682 2692 10057ef 2678->2692 2679->2700 2681 100545a 2680->2681 2691 1005365 2680->2691 2689 1005471 GetSystemTime SystemTimeToFileTime 2681->2689 2682->2674 2974 1004590 2682->2974 2688 1003e3a 30 API calls 2683->2688 2684 100537c CryptGenRandom 2690 1005392 sprintf 2684->2690 2684->2691 2685->2647 2693 10056e5 2688->2693 2979 1002cae 2689->2979 2690->2691 2691->2684 2697 10053c6 sprintf 2691->2697 2699 1005443 CryptReleaseContext 2691->2699 2956 10045eb 2691->2956 2692->2676 2692->2682 2983 10044ad 2692->2983 2695 1003e3a 30 API calls 2693->2695 2695->2700 2697->2691 2697->2697 2699->2637 2699->2681 2700->2645 2701 10045eb 36 API calls 2702 10054bd 2701->2702 2702->2637 2702->2666 2704 1007710 2703->2704 2992 1006f96 2704->2992 2706 1007720 2708 10077e2 2706->2708 3012 1006a49 2706->3012 2708->2561 2710 100774f 2710->2708 2711 1006a49 SetFilePointer 2710->2711 2713 1004f6b 102 API calls 2710->2713 3015 1006ef2 2710->3015 3020 1007575 2710->3020 2711->2710 2713->2710 3156 10061d3 2714->3156 2716 1004906 2717 10061d3 6 API calls 2716->2717 2733 1004916 2717->2733 2718 1004ae3 2721 10061d3 6 API calls 2718->2721 2720 100471e SendDlgItemMessageA 2739 10046ee 2720->2739 2734 1004af3 2721->2734 2722 1004cac 3161 100370b 2722->3161 2725 100608f 6 API calls 2725->2733 2726 100495d SendDlgItemMessageA 2726->2733 2727 10061d3 6 API calls 2743 1004cc2 2727->2743 2728 100608f 6 API calls 2728->2734 2729 1004b3b SendDlgItemMessageA 2729->2734 2730 1004e22 3164 10061f9 2730->3164 2732 1004e38 2735 1004ea8 2732->2735 2750 1004e57 strchr 2732->2750 2733->2718 2733->2725 2733->2726 2736 10049c6 strstr 2733->2736 2734->2722 2734->2728 2734->2729 2741 1004b88 _strlwr 2734->2741 2742 10061f9 7 API calls 2735->2742 2736->2733 2738 10049e2 2736->2738 2737 10047ba strstr 2737->2739 2740 10047d6 2737->2740 2746 1004590 31 API calls 2738->2746 2755 100447f 30 API calls 2738->2755 2739->2716 2739->2720 2739->2737 3195 100608f 2739->3195 2747 1004590 31 API calls 2740->2747 2756 100447f 30 API calls 2740->2756 2748 100360c 11 API calls 2741->2748 2764 1004eb9 2742->2764 2743->2730 2744 100608f 6 API calls 2743->2744 2745 1004cfb strstr 2743->2745 2744->2743 2745->2743 2749 1004d17 FindFirstFileA 2745->2749 2746->2738 2747->2740 2777 1004ba1 2748->2777 2749->2743 2753 1004d3a strrchr 2749->2753 2754 1004e75 2750->2754 2792 1004e94 2750->2792 2751 1004f51 2757 10062ff 4 API calls 2751->2757 2752 1004f3f SendDlgItemMessageA 2752->2751 2774 1004d4e 2753->2774 2770 1003e3a 30 API calls 2754->2770 2758 1004a01 SetFileAttributesA CopyFileA 2755->2758 2759 10047f5 SetFileAttributesA 2756->2759 2763 1004f62 2757->2763 2766 1004aa7 SetFileAttributesA 2758->2766 2767 1004a2e GetLastError 2758->2767 3172 100360c 2759->3172 2761 1004c37 _strlwr 2761->2777 2762 1004bca GetLastError 2762->2777 2763->2571 2768 1003e3a 30 API calls 2764->2768 2764->2792 2765 1004de1 FindNextFileA 2771 1004dfc FindClose 2765->2771 2765->2774 2766->2733 2767->2766 2783 1004a39 2767->2783 2773 1004ee1 2768->2773 2769 1004d63 SendDlgItemMessageA 2769->2774 2770->2792 2771->2743 2772 10044ad 34 API calls 2772->2777 2781 1003e3a 30 API calls 2773->2781 2774->2765 2774->2769 2774->2774 2776 1004d91 DeleteFileA 2774->2776 2775 100453f 35 API calls 2775->2783 2776->2765 2780 1004da2 Sleep SetFileAttributesA DeleteFileA 2776->2780 2777->2734 2777->2761 2777->2762 2777->2772 2779 1004be6 MoveFileA 2777->2779 2789 1004c11 MoveFileA 2777->2789 2778 1004848 GetLastError 2778->2739 2793 1004812 2778->2793 2779->2777 2780->2765 2782 1004dd0 2780->2782 2786 1004f0a strrchr 2781->2786 2787 100447f 30 API calls 2782->2787 2783->2766 2783->2775 2784 1004a79 CopyFileA 2783->2784 2788 100373c 2 API calls 2784->2788 2790 1004f24 2786->2790 2787->2765 2788->2783 2789->2777 2791 1003e3a 30 API calls 2790->2791 2791->2792 2792->2751 2792->2752 2793->2739 2793->2778 3183 100453f 2793->3183 3190 100373c 2793->3190 2796 1003889 2795->2796 2797 10037dd 2795->2797 2796->2584 2796->2585 2798 10037f3 CreateFileA 2797->2798 2798->2796 2799 1003817 WriteFile 2798->2799 2800 1003863 2799->2800 2801 1003876 CloseHandle 2799->2801 2800->2801 2802 1003868 SetEnvironmentVariableA 2800->2802 2801->2796 2802->2796 2804 10027f9 2803->2804 2805 10062ff 4 API calls 2804->2805 2806 100281a 2805->2806 2806->2537 2806->2581 2808 1003c01 2807->2808 2809 1003c08 2807->2809 2810 1003892 29 API calls 2808->2810 2809->2566 2809->2567 2810->2809 2812 10028b4 2811->2812 2813 1002835 SetFilePointer ReadFile 2811->2813 2812->2579 2816 1002d78 EnterCriticalSection 2812->2816 2813->2812 2814 1002863 2813->2814 2814->2812 2815 100287d _snprintf 2814->2815 2815->2812 2817 1002da1 2816->2817 2818 1002d97 CloseHandle 2816->2818 2819 1002dab CloseHandle 2817->2819 2823 1002db5 2817->2823 2818->2817 2819->2823 2820 1002dcf DeleteFileA 2822 1002dda GetLastError 2820->2822 2820->2823 2821 1002e3f LeaveCriticalSection 2821->2579 2822->2823 2823->2820 2825 1002dea MoveFileExA 2823->2825 2826 1002dfd 2823->2826 2824 1002e11 RemoveDirectoryA 2824->2826 2827 1002e1c GetLastError 2824->2827 2825->2823 2826->2821 2826->2824 2828 1002e2c MoveFileExA 2826->2828 2827->2826 2828->2826 3221 100346e 2829->3221 2832 10039c3 WaitForSingleObject CloseHandle 2834 10039ef 2832->2834 2833 10039d8 Sleep 2833->2834 3230 10034f4 2834->3230 2838 1003a09 2840 100346e 8 API calls 2838->2840 2839 1003a1a LoadLibraryA 2841 1003a41 WaitForSingleObject 2839->2841 2842 1003a2f GetProcAddress 2839->2842 2843 1003a13 2840->2843 2852 1003a52 2841->2852 2854 1003a5a 2841->2854 2842->2841 2846 10062ff 4 API calls 2843->2846 2844 1003bb8 3245 100358b 2844->3245 2845 1003bac FreeLibrary 2845->2844 2849 1003bde 2846->2849 2847 1003a82 InitiateSystemShutdownA 2847->2854 2849->2581 2850 1003a9b GetLastError 2850->2852 2850->2854 2852->2844 2852->2845 2853 1003ab0 WaitForSingleObject 2853->2852 2853->2854 2854->2847 2854->2850 2854->2852 2854->2853 2856 1003acd GetLastError 2854->2856 2855 100346e 8 API calls 2855->2843 3240 1003791 2856->3240 2858 1003ae6 2859 100346e 8 API calls 2858->2859 2860 1003af5 GetVersionExA 2859->2860 2860->2852 2861 1003b1b GetVersionExA 2860->2861 2861->2852 2862 1003b37 GetSystemDirectoryA 2861->2862 2862->2852 2863 1003b4d strchr CreateFileA 2862->2863 2863->2852 2864 1003b85 FlushFileBuffers CloseHandle 2863->2864 2864->2852 2865 1003b99 NtShutdownSystem 2864->2865 2865->2852 2867 10038a6 GetLastError 2866->2867 2868 10038ae 2866->2868 2867->2868 2869 100390f 2868->2869 3266 1002d09 2868->3266 2870 1002d78 10 API calls 2869->2870 2874 1003914 2870->2874 2873 100346e 8 API calls 2875 10038d5 LoadStringA MessageBoxA 2873->2875 2876 1003922 DeleteCriticalSection 2874->2876 2877 1003934 ExitProcess 2874->2877 2875->2869 2876->2877 2879 1003e45 2878->2879 2879->2879 2880 1003be7 30 API calls 2879->2880 2881 1003e59 2880->2881 2882 1003016 CreateFileA 2881->2882 2883 1003055 ReadFile 2882->2883 2884 10033c9 2882->2884 2885 10033bb CloseHandle 2883->2885 2886 100307d 2883->2886 2903 10062ff 2884->2903 2885->2884 2886->2885 2889 10030d4 2886->2889 2890 1003094 SetFilePointer 2886->2890 2888 10033d2 GetCommandLineA 2888->2602 2889->2885 2892 100311e RtlAllocateHeap 2889->2892 2890->2885 2891 10030b4 ReadFile 2890->2891 2891->2885 2891->2889 2892->2885 2893 100313f SetFilePointer 2892->2893 2893->2885 2894 1003159 ReadFile 2893->2894 2894->2885 2896 1003175 2894->2896 2895 10031e5 2895->2885 2896->2885 2896->2895 2897 10032a2 WideCharToMultiByte 2896->2897 2898 1003311 HeapAlloc 2896->2898 2901 1003378 HeapAlloc 2896->2901 2897->2896 2898->2885 2899 100332e WideCharToMultiByte GetEnvironmentVariableA 2898->2899 2899->2896 2900 1003350 WideCharToMultiByte 2899->2900 2900->2896 2901->2885 2902 100338d WideCharToMultiByte SetEnvironmentVariableA 2901->2902 2902->2896 2904 1006310 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2903->2904 2905 1006307 2903->2905 2904->2888 2905->2904 2906 100630f 2905->2906 2906->2888 2909 1003c76 2908->2909 2910 1003c7d 2908->2910 2911 1003892 29 API calls 2909->2911 2910->2616 2911->2910 2913 1003d57 GetCurrentProcess OpenProcessToken 2912->2913 2914 1003d6e 2912->2914 2913->2914 2915 1003d75 GetTokenInformation 2913->2915 2916 10062ff 4 API calls 2914->2916 2915->2914 2917 1003d99 GetLengthSid 2915->2917 2918 1003e31 2916->2918 2919 1003be7 30 API calls 2917->2919 2918->2625 2918->2666 2920 1003dae 2919->2920 2921 1003db5 GetTokenInformation 2920->2921 2925 1003dfa 2920->2925 2921->2914 2922 1003de6 GetLengthSid 2921->2922 2924 1003be7 30 API calls 2922->2924 2923 1003892 29 API calls 2923->2914 2924->2925 2925->2914 2925->2923 2927 1002a0a LoadLibraryA 2926->2927 2928 1002afc 2926->2928 2927->2928 2932 1002a3b GetProcAddress 2927->2932 2929 10062ff 4 API calls 2928->2929 2930 1002b0c 2929->2930 2930->2638 2933 1002af5 FreeLibrary 2932->2933 2934 1002a57 GetProcAddress 2932->2934 2933->2928 2934->2933 2935 1002a6d GetProcAddress 2934->2935 2936 1002a8e 2935->2936 2937 1002a7c GetProcAddress 2935->2937 2936->2933 2937->2936 2939 1002b60 CreateFileA 2938->2939 2940 1002b4f 2938->2940 2939->2940 2941 1002b82 DeviceIoControl 2939->2941 2943 10062ff 4 API calls 2940->2943 2942 1002b9f CloseHandle 2941->2942 2942->2940 2945 1002bbb 2943->2945 2945->2638 2947 100291e sprintf CreateDirectoryA 2946->2947 2948 1002954 GetLastError 2947->2948 2949 1002975 RemoveDirectoryA 2947->2949 2950 10029a0 SetErrorMode 2948->2950 2951 1002961 2948->2951 2952 1002973 2949->2952 2953 1002986 MoveFileExA 2949->2953 2954 10062ff 4 API calls 2950->2954 2951->2947 2951->2952 2952->2950 2953->2952 2955 10029b9 2954->2955 2955->2638 2957 100460b 2956->2957 2958 1004590 31 API calls 2957->2958 2959 1004651 2958->2959 2960 10046a1 2959->2960 2961 1004657 GetFileAttributesA 2959->2961 2963 10062ff 4 API calls 2960->2963 2961->2960 2962 1004669 2961->2962 2962->2960 2964 100466d LoadLibraryA 2962->2964 2965 10046b0 2963->2965 2964->2960 2966 100467c GetProcAddress 2964->2966 2965->2691 2966->2960 2967 100468c DecryptFileA 2966->2967 2967->2960 2968 100469b GetLastError 2967->2968 2968->2960 2970 1003be7 30 API calls 2969->2970 2971 100448c 2970->2971 2972 1003e3a 30 API calls 2971->2972 2973 1004497 2972->2973 2973->2676 2975 10045dd 2974->2975 2978 10045ac 2974->2978 2975->2676 2976 10045b1 CreateDirectoryA 2976->2978 2977 100447f 30 API calls 2977->2978 2978->2975 2978->2976 2978->2977 2980 1002ccc 2979->2980 2981 10062ff 4 API calls 2980->2981 2982 1002d00 2981->2982 2982->2701 2984 10044c1 2983->2984 2984->2984 2985 10044cb strrchr 2984->2985 2986 10044dc _stricmp 2985->2986 2987 100452c 2985->2987 2986->2987 2988 10044ee 2986->2988 2987->2692 2989 10044f1 sprintf GetFileAttributesA 2988->2989 2989->2989 2990 1004521 2989->2990 2991 100447f 30 API calls 2990->2991 2991->2987 2993 1006fbd 2992->2993 3009 1003c0f 31 API calls 2993->3009 2994 1006fdd 3006 1007024 2994->3006 3011 1003c0f 31 API calls 2994->3011 2995 1006ffb 2995->3006 3008 1003c58 30 API calls 2995->3008 2996 100701c 2997 100718d 2996->2997 2996->3006 3034 10069bb 2996->3034 3000 10071ca 2997->3000 3001 10069bb SetFilePointer 2997->3001 2997->3006 2999 1007177 3002 10069bb SetFilePointer 2999->3002 2999->3006 3000->3006 3031 1002c7c 3000->3031 3003 10071b8 3001->3003 3002->2997 3005 10069bb SetFilePointer 3003->3005 3003->3006 3004 10071ea 3004->3006 3007 1002c7c SetFilePointer 3004->3007 3005->3000 3006->2706 3007->3006 3008->2996 3009->2994 3011->2995 3014 1002c7c SetFilePointer 3012->3014 3013 1006a60 3013->2710 3014->3013 3019 1003c58 30 API calls 3015->3019 3016 1006f0a 3017 10069bb SetFilePointer 3016->3017 3018 1006f24 3016->3018 3017->3018 3018->2710 3019->3016 3021 1007632 3020->3021 3022 100758b 3020->3022 3030 1004f6b 102 API calls 3021->3030 3039 100750b 3022->3039 3024 1007609 3024->2710 3025 10075ab 3025->3024 3026 1007463 34 API calls 3025->3026 3027 10075c5 3025->3027 3026->3025 3027->3021 3027->3024 3045 1003c87 3027->3045 3051 1007463 3027->3051 3030->3024 3032 1002c92 SetFilePointer 3031->3032 3033 1002c8a 3031->3033 3032->3004 3033->3032 3038 1002c7c SetFilePointer 3034->3038 3035 10069d3 3035->3035 3036 1006a23 3035->3036 3037 1002c7c SetFilePointer 3035->3037 3036->2999 3037->3036 3038->3035 3040 100751d 3039->3040 3041 1007522 3039->3041 3040->3025 3041->3040 3063 1007241 3041->3063 3043 1007551 3043->3040 3044 1007463 34 API calls 3043->3044 3044->3040 3046 1003cdc WriteFile 3045->3046 3048 1003c95 3045->3048 3047 1003cf5 3046->3047 3046->3048 3049 1003892 29 API calls 3047->3049 3048->3027 3050 1003cfc 3049->3050 3052 1007480 3051->3052 3053 1007486 3051->3053 3102 1007339 3052->3102 3057 10074de 3053->3057 3097 100687b 3053->3097 3056 1007499 3056->3057 3058 10074bf 3056->3058 3059 1007339 34 API calls 3056->3059 3057->3027 3058->3057 3109 1006da8 3058->3109 3061 10074ad 3059->3061 3061->3057 3062 100687b 30 API calls 3061->3062 3062->3058 3069 1002c7c SetFilePointer 3063->3069 3064 1007273 3068 10072d1 3064->3068 3070 1003c58 30 API calls 3064->3070 3065 1007291 3065->3068 3071 1002c7c SetFilePointer 3065->3071 3066 10072b0 3066->3068 3072 1006f44 3066->3072 3068->3043 3069->3064 3070->3065 3071->3066 3073 1006f60 3072->3073 3074 1006f5b 3072->3074 3073->3074 3076 1006b75 3073->3076 3074->3068 3077 1006ba5 3076->3077 3078 1006be2 3076->3078 3077->3078 3079 1007942 30 API calls 3077->3079 3081 1006bae 3077->3081 3078->3081 3083 1003be7 30 API calls 3078->3083 3079->3078 3080 1006c5c 3080->3081 3084 1007942 3080->3084 3081->3074 3083->3080 3085 100795d 3084->3085 3086 100795f 3084->3086 3085->3081 3088 1007984 3086->3088 3089 1007b55 3086->3089 3088->3081 3090 1007bad 3089->3090 3092 1007bb3 3089->3092 3093 1007bce 3090->3093 3092->3088 3094 1007be6 3093->3094 3094->3094 3096 1003be7 30 API calls 3094->3096 3095 1007c15 3095->3092 3096->3095 3100 1003c58 30 API calls 3097->3100 3098 100689e 3099 10068dc 3098->3099 3101 1003c58 30 API calls 3098->3101 3099->3056 3100->3098 3101->3099 3105 1007387 3102->3105 3103 1006f96 33 API calls 3103->3105 3104 1007417 3104->3053 3105->3103 3105->3104 3106 1007241 32 API calls 3105->3106 3107 100740e 3105->3107 3106->3105 3107->3104 3108 1006ef2 31 API calls 3107->3108 3108->3107 3110 1006dc8 3109->3110 3111 1006dd1 3109->3111 3110->3111 3113 1007a04 3110->3113 3111->3057 3114 1007a19 3113->3114 3115 1007a1e 3113->3115 3114->3111 3116 1007a29 3115->3116 3118 1007af2 3115->3118 3116->3111 3119 1007b20 3118->3119 3122 1007e0d 3119->3122 3127 1007e23 3122->3127 3123 1008002 3140 10090c9 3123->3140 3125 1007b29 3125->3116 3127->3123 3127->3125 3129 1009507 3127->3129 3133 1009438 3127->3133 3131 100951a 3129->3131 3130 1009534 3130->3127 3131->3130 3144 1009769 3131->3144 3148 100911e 3133->3148 3136 100911e 4 API calls 3137 1009487 3136->3137 3138 100911e 4 API calls 3137->3138 3139 1009460 3137->3139 3138->3139 3139->3127 3141 1009114 3140->3141 3142 10090dc 3140->3142 3141->3125 3142->3141 3152 1007d48 3142->3152 3145 1009796 3144->3145 3146 10062ff 4 API calls 3145->3146 3147 100988d 3146->3147 3147->3130 3151 1009146 3148->3151 3149 10062ff 4 API calls 3150 100942b 3149->3150 3150->3136 3150->3139 3151->3149 3153 1007d67 3152->3153 3154 10062ff 4 API calls 3153->3154 3155 1007e04 3154->3155 3155->3141 3199 1005f91 3156->3199 3159 10061f0 3159->2739 3160 100608f 6 API calls 3160->3159 3162 1003722 3161->3162 3163 1003714 FreeLibrary 3161->3163 3162->2727 3163->3162 3165 10061d3 6 API calls 3164->3165 3168 1006219 3165->3168 3166 1006276 3167 10062ff 4 API calls 3166->3167 3169 1006283 3167->3169 3168->3166 3170 100622d _strlwr 3168->3170 3171 100608f 6 API calls 3168->3171 3169->2732 3170->3168 3171->3168 3173 10036d3 3172->3173 3174 100362f 3172->3174 3175 10062ff 4 API calls 3173->3175 3176 10061f9 7 API calls 3174->3176 3177 1003702 3175->3177 3178 1003640 3176->3178 3177->2793 3179 1003672 GetSystemDirectoryA 3178->3179 3180 100365d 3178->3180 3179->3180 3181 1003698 LoadLibraryA 3180->3181 3181->3173 3182 10036ae GetProcAddress GetProcAddress 3181->3182 3182->3173 3184 10044ad 34 API calls 3183->3184 3185 1004555 3184->3185 3186 10044ad 34 API calls 3185->3186 3187 1004561 3186->3187 3188 1004572 MoveFileA 3187->3188 3189 1004580 3187->3189 3188->3189 3189->2793 3191 100375b 3190->3191 3192 100374d MoveFileA 3190->3192 3193 1003765 MoveFileExA 3191->3193 3194 1003775 3191->3194 3192->3191 3193->3194 3194->2793 3197 1006097 3195->3197 3196 10060b5 3196->2739 3197->3196 3214 1006010 3197->3214 3206 1005ef7 3199->3206 3201 1005ffb 3202 10062ff 4 API calls 3201->3202 3203 1006007 3202->3203 3203->3159 3203->3160 3204 1005fb1 3204->3201 3210 1005f6e 3204->3210 3207 1005f0a 3206->3207 3208 1005f42 3207->3208 3209 1005f46 strncpy _strlwr 3207->3209 3208->3204 3209->3208 3211 1005f7b 3210->3211 3212 1005ef7 2 API calls 3211->3212 3213 1005f88 3212->3213 3213->3204 3215 1005f6e 2 API calls 3214->3215 3219 1006030 3215->3219 3216 100607a 3217 10062ff 4 API calls 3216->3217 3218 1006086 3217->3218 3218->3197 3219->3216 3220 1005f6e 2 API calls 3219->3220 3220->3219 3222 1003494 3221->3222 3223 1003489 CloseHandle 3221->3223 3224 10034cc 3222->3224 3225 100349d CreateFileA 3222->3225 3223->3222 3226 10034e7 3224->3226 3227 10034dd CloseHandle 3224->3227 3225->3226 3228 10034c4 3225->3228 3226->2832 3226->2833 3227->3226 3255 10033db GetLastError 3228->3255 3231 1003517 3230->3231 3232 1003526 NtOpenProcessToken 3231->3232 3239 1003542 3231->3239 3233 1003538 3232->3233 3236 1003544 NtAdjustPrivilegesToken 3232->3236 3235 100346e 8 API calls 3233->3235 3235->3239 3237 1003579 NtClose 3236->3237 3238 100356e NtClose 3236->3238 3237->3239 3238->3239 3239->2838 3239->2839 3241 10037a6 3240->3241 3242 100379f 3240->3242 3263 1002779 3241->3263 3242->2858 3246 1003599 NtOpenProcessToken 3245->3246 3247 10035b5 3245->3247 3248 10035b7 NtAdjustPrivilegesToken 3246->3248 3249 10035ab 3246->3249 3247->2843 3247->2855 3251 10035d9 3248->3251 3252 10035cb NtClose 3248->3252 3250 100346e 8 API calls 3249->3250 3250->3247 3253 100346e 8 API calls 3251->3253 3252->3247 3254 10035e3 NtClose 3253->3254 3254->3247 3256 1003455 3255->3256 3257 10033f8 SetFilePointer 3255->3257 3259 1003458 SetLastError 3256->3259 3258 1003409 3257->3258 3258->3258 3260 1003410 WriteFile 3258->3260 3259->3224 3260->3259 3261 100342d WriteFile 3260->3261 3261->3256 3261->3259 3264 100278f _vsnprintf 3263->3264 3265 1002788 3263->3265 3264->3265 3265->2858 3267 1002d34 FormatMessageA 3266->3267 3268 1002d1d LoadStringA 3266->3268 3269 1002d6e 3267->3269 3270 1002d65 3267->3270 3268->3267 3268->3269 3269->2873 3271 1002cae 4 API calls 3270->3271 3271->3269 3273 1003963 3272->3273 3274 100396a 3272->3274 3275 1003892 29 API calls 3273->3275 3275->3274 3289 1003e7a 3290 1003e9f 3289->3290 3301 1003f96 EndDialog 3289->3301 3292 1003f99 LoadStringA SendMessageA SendDlgItemMessageA SendDlgItemMessageA 3290->3292 3293 1003eaa 3290->3293 3294 1003ec4 3292->3294 3293->3294 3295 1003eb8 3293->3295 3296 1003f6c SendDlgItemMessageA 3293->3296 3299 10062ff 4 API calls 3294->3299 3297 1003ebf 3295->3297 3295->3301 3298 1003e3a 30 API calls 3296->3298 3297->3294 3300 1003ecb LoadStringA SHBrowseForFolderA 3297->3300 3298->3301 3302 1004004 3299->3302 3303 1003f35 SHGetPathFromIDListA 3300->3303 3304 1003f5a SendMessageA 3300->3304 3301->3294 3303->3304 3305 1003f47 SendDlgItemMessageA 3303->3305 3304->3294 3305->3304 3306 1002c4b 3307 1002c5c CloseHandle 3306->3307 3308 1002c6b 3306->3308 3307->3308 3309 100654b _XcptFilter 3310 100628c 3311 10062a4 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 3310->3311 3312 100629d 3310->3312 3313 10062e7 3311->3313 3312->3311 3312->3313 3314 1002c2e HeapFree 3276 10063ff 3279 100640b 3276->3279 3277 100646e __set_app_type __p__fmode __p__commode 3278 10064b6 3277->3278 3280 10064cb 3278->3280 3281 10064bf __setusermatherr 3278->3281 3279->3277 3288 10065a1 _controlfp 3280->3288 3281->3280 3283 10064d0 _initterm __getmainargs _initterm 3284 100652e 3283->3284 3285 1006543 _cexit 3284->3285 3286 100653c exit 3284->3286 3287 1006578 3285->3287 3286->3285 3288->3283 3315 100655f 3316 1006572 _c_exit 3315->3316 3317 100656b _exit 3315->3317 3318 1006578 3316->3318 3317->3316

                                                                                                                Callgraph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                • Opacity -> Relevance
                                                                                                                • Disassembly available
                                                                                                                callgraph 0 Function_01003D02 74 Function_01003892 0->74 112 Function_01003BE7 0->112 123 Function_010062FF 0->123 1 Function_01007A04 115 Function_01007AF2 1->115 2 Function_01008906 3 Function_01009507 43 Function_0100815F 3->43 48 Function_01009769 3->48 4 Function_01002D09 85 Function_01002CAE 4->85 5 Function_0100370B 6 Function_0100750B 27 Function_01006D3D 6->27 31 Function_01007241 6->31 45 Function_01007463 6->45 7 Function_0100360C 94 Function_010060BE 7->94 97 Function_01002BC4 7->97 119 Function_010061F9 7->119 7->123 8 Function_01007E0D 8->3 14 Function_0100821C 8->14 21 Function_01008038 8->21 22 Function_01009438 8->22 8->43 47 Function_01009064 8->47 67 Function_0100818B 8->67 88 Function_010088B4 8->88 100 Function_010090C9 8->100 9 Function_0100400D 13 Function_01003016 9->13 24 Function_01002F3A 9->24 25 Function_01003E3A 9->25 9->74 10 Function_01003C0F 10->74 11 Function_01006010 51 Function_01005F6E 11->51 11->123 12 Function_01002B13 12->123 110 Function_01002FE1 13->110 13->123 15 Function_0100911E 41 Function_01009558 15->41 15->43 81 Function_010080A3 15->81 15->123 16 Function_01006621 17 Function_01002821 18 Function_01002C2E 19 Function_01007D30 20 Function_01002F34 22->15 22->41 23 Function_01007339 23->31 76 Function_01006F96 23->76 87 Function_010078B4 23->87 114 Function_01006EF2 23->114 25->112 26 Function_0100373C 42 Function_01007A59 27->42 66 Function_0100378B 27->66 27->87 28 Function_0100673E 40 Function_01003C58 28->40 28->87 29 Function_0100453F 84 Function_010044AD 29->84 30 Function_01003941 30->74 33 Function_01006F44 31->33 31->40 59 Function_01002C7C 31->59 31->87 32 Function_01007942 39 Function_01007B55 32->39 53 Function_01006B75 33->53 33->87 120 Function_01006AFC 33->120 34 Function_01007D48 34->123 35 Function_01006A49 35->59 35->87 36 Function_01002C4B 37 Function_0100654B 38 Function_01007C51 99 Function_01007AC6 39->99 103 Function_01007BCE 39->103 40->74 42->99 43->81 44 Function_0100655F 116 Function_010065F3 44->116 45->23 58 Function_0100687B 45->58 83 Function_01006DA8 45->83 45->87 46 Function_01006663 47->2 98 Function_01008CC5 47->98 48->123 49 Function_01004F6B 49->0 49->12 49->25 60 Function_0100447F 49->60 71 Function_01004590 49->71 49->74 49->84 49->85 96 Function_010029C2 49->96 49->97 108 Function_010028D9 49->108 49->112 113 Function_010045EB 49->113 49->123 50 Function_0100346E 109 Function_010033DB 50->109 118 Function_01005EF7 51->118 52 Function_01003972 52->50 65 Function_0100358B 52->65 73 Function_01003791 52->73 117 Function_010034F4 52->117 52->123 53->32 62 Function_01003783 53->62 53->87 53->112 54 Function_01007575 54->6 54->45 54->49 64 Function_01003C87 54->64 54->87 55 Function_01002D78 56 Function_01002779 57 Function_01003E7A 57->25 57->123 58->40 58->87 107 Function_010078D7 58->107 60->25 60->112 61 Function_01007A7F 89 Function_01007AB6 61->89 63 Function_01008286 64->74 65->50 68 Function_0100628C 69 Function_0100618D 70 Function_0100608F 70->11 104 Function_01005ECE 70->104 71->60 72 Function_01005F91 72->51 72->118 72->123 73->56 74->4 74->50 74->55 75 Function_01008093 76->10 76->16 76->40 76->59 76->87 92 Function_01006EBA 76->92 93 Function_010069BB 76->93 105 Function_010067D1 76->105 77 Function_01005899 77->9 77->10 77->17 77->28 77->30 77->49 77->52 77->55 77->74 82 Function_010066A7 77->82 86 Function_01002FB2 77->86 91 Function_010046B9 77->91 95 Function_010037BF 77->95 77->97 101 Function_010076CB 77->101 102 Function_010027CB 77->102 77->112 78 Function_01005E9C 79 Function_0100859D 80 Function_010065A1 82->87 83->1 83->66 83->87 84->60 85->123 88->63 88->79 90 Function_010065B8 91->5 91->7 91->25 91->26 91->29 91->60 91->69 91->70 91->71 91->84 91->94 91->97 106 Function_010061D3 91->106 91->119 91->123 92->16 92->46 93->59 93->87 95->97 96->123 99->19 99->38 111 Function_01007CE1 99->111 100->34 101->16 101->35 101->49 101->54 101->76 101->87 101->114 102->123 103->112 104->78 105->87 106->70 106->72 108->123 112->74 113->71 113->123 114->40 114->87 114->93 115->8 115->75 117->50 118->104 119->70 119->94 119->106 119->123 120->61 120->66 120->87 121 Function_010035FC 122 Function_010063FF 122->62 122->80 122->90 122->116

                                                                                                                Executed Functions

                                                                                                                Function 01005899 Relevance: 94.9, APIs: 42, Strings: 12, Instructions: 429memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 1005899-1005903 InitializeCriticalSectionAndSpinCount #17 GetProcessHeap call 1002fb2 CreateEventA 3 1005905-1005907 0->3 4 100590c-1005917 call 100400d 0->4 5 1005e65 call 1003892 3->5 10 1005960-1005980 CreateEventA CreateThread 4->10 11 1005919-1005920 call 10027cb 4->11 9 1005e6a-1005e70 5->9 14 1005e72-1005e7d DeleteCriticalSection 9->14 15 1005e83-1005e86 ExitProcess 9->15 12 1005982-1005984 10->12 13 1005989-100599e WaitForSingleObject 10->13 22 1005922-1005927 11->22 23 100592c-100593b 11->23 12->5 17 10059a0-10059a5 13->17 18 10059aa-10059b6 13->18 14->15 17->5 20 10059e4-1005a23 SendDlgItemMessageA * 3 18->20 21 10059b8-10059e2 Sleep ShowWindow SetParent 18->21 24 1005a25-1005a2b 20->24 21->24 22->5 25 1005947-100594d 23->25 26 100593d-1005942 23->26 27 1005a96-1005aa6 call 1004f6b 24->27 28 1005a2d-1005a7b call 1003c0f call 10066a7 call 100673e 24->28 29 1005959 25->29 30 100594f 25->30 26->5 35 1005b98-1005bc5 call 1002bc4 CreateFileA 27->35 36 1005aac-1005ab2 27->36 28->26 48 1005a81-1005a87 28->48 29->10 30->29 35->26 45 1005bcb-1005be7 GetFileSize call 1003be7 35->45 38 1005b53-1005b68 call 10076cb 36->38 39 1005ab8-1005b4d LoadStringA * 2 SendDlgItemMessageA * 5 ShowWindow 36->39 46 1005b6d-1005b72 38->46 39->38 55 1005be9-1005c00 ReadFile 45->55 56 1005c1f-1005c2e CloseHandle 45->56 46->26 50 1005b78-1005b7e 46->50 48->27 51 1005a89-1005a90 ShowWindow 48->51 53 1005b80-1005b86 50->53 54 1005b8c-1005b92 50->54 51->27 53->17 53->54 54->35 57 1005c3b-1005c41 54->57 55->56 58 1005c02-1005c0a 55->58 56->26 59 1005c34-1005c35 DeleteFileA 56->59 60 1005c43-1005c49 57->60 61 1005c5e-1005c64 57->61 58->56 62 1005c0c-1005c1c 58->62 59->57 60->61 63 1005c4b-1005c51 call 10046b9 60->63 64 1005dd6-1005ddc 61->64 65 1005c6a-1005c70 61->65 62->56 73 1005c56-1005c58 63->73 66 1005e15-1005e1c 64->66 67 1005dde-1005e0f ShowWindow LoadStringA MessageBoxA 64->67 65->64 69 1005c76-1005c7c 65->69 66->9 72 1005e1e-1005e25 66->72 67->66 70 1005c91-1005cc8 SetEnvironmentVariableA * 3 call 10037bf 69->70 71 1005c7e-1005c8f SendDlgItemMessageA 69->71 79 1005cf5-1005d01 70->79 80 1005cca-1005ce6 ExpandEnvironmentStringsA 70->80 71->70 75 1005e60 72->75 76 1005e27-1005e53 call 1003972 72->76 73->26 73->61 75->5 84 1005e55-1005e57 76->84 85 1005e5c-1005e5e 76->85 83 1005d03-1005d0b 79->83 80->3 82 1005cec-1005cee 80->82 86 1005cf0 82->86 87 1005d36-1005d7a CreateProcessA 82->87 83->83 88 1005d0d-1005d12 83->88 84->85 85->9 85->75 86->3 87->3 90 1005d80-1005d86 87->90 89 1005d14-1005d19 88->89 89->89 93 1005d1b-1005d1d 89->93 91 1005d95-1005dc8 WaitForSingleObject GetExitCodeProcess CloseHandle call 1002821 90->91 92 1005d88-1005d8f ShowWindow 90->92 98 1005dca-1005dcd 91->98 99 1005dcf-1005dd4 call 1002d78 91->99 92->91 95 1005d1e-1005d24 93->95 95->95 97 1005d26-1005d34 95->97 97->87 98->66 99->66
                                                                                                                APIs
                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(0100D060,000000FF), ref: 010058CB
                                                                                                                • #17.COMCTL32 ref: 010058DA
                                                                                                                • GetProcessHeap.KERNEL32 ref: 010058E0
                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 010058FA
                                                                                                                • DeleteCriticalSection.KERNEL32(0100D060,20000001), ref: 01005E77
                                                                                                                • ExitProcess.KERNEL32 ref: 01005E86
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalProcessSection$CountCreateDeleteEventExitHeapInitializeSpin
                                                                                                                • String ID: Un$)5j$C:\Users\user\Desktop\._cache_file.exe$D$Extracting File:$To Directory:$_SFX_CAB_EXE_PACKAGE$_SFX_CAB_EXE_PARAMETERS$_SFX_CAB_EXE_PATH$_sfx_manifest_$c:\1fc170e2ba0f8da87b9ffca6da4e715d$c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe
                                                                                                                • API String ID: 2862019026-2917455794
                                                                                                                • Opcode ID: c3a792d8c2075a35dd7e64b05d9c3b2f4654ac4543c79ca2ca3d8c026a3f3d64
                                                                                                                • Instruction ID: c7a1a7c6920ba9a6fd8a3830312b28b74cc00901af42d7916e2ca50266dc036a
                                                                                                                • Opcode Fuzzy Hash: c3a792d8c2075a35dd7e64b05d9c3b2f4654ac4543c79ca2ca3d8c026a3f3d64
                                                                                                                • Instruction Fuzzy Hash: 06E18070540245BFFB339BA49E89F6A3BA9F705754F1042AAF2C1A50D9DBBA4C40CF61
                                                                                                                Function 01004F6B Relevance: 79.4, APIs: 35, Strings: 10, Instructions: 646timestringencryptionCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 010045EB: GetFileAttributesA.KERNELBASE(?), ref: 0100465E
                                                                                                                  • Part of subcall function 010045EB: LoadLibraryA.KERNEL32(advapi32.dll), ref: 01004672
                                                                                                                  • Part of subcall function 010045EB: GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 01004682
                                                                                                                  • Part of subcall function 010045EB: DecryptFileA.ADVAPI32(?,00000000), ref: 01004695
                                                                                                                  • Part of subcall function 010045EB: GetLastError.KERNEL32 ref: 0100469B
                                                                                                                • InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?,?,?), ref: 0100502A
                                                                                                                • InitializeAcl.ADVAPI32(?,00000100,00000002,?,?,?,?,?), ref: 01005046
                                                                                                                • AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 0100506B
                                                                                                                • AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 01005081
                                                                                                                • AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 01005097
                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,?,?,?,?), ref: 010050AB
                                                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,c:\1fc170e2ba0f8da87b9ffca6da4e715d,?,?,?,?,?), ref: 010050DB
                                                                                                                • GetSystemDirectoryA.KERNEL32(c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe ,0000FFFF), ref: 010050F0
                                                                                                                • QueryDosDeviceA.KERNEL32(c:\,?,00000400), ref: 01005146
                                                                                                                • _strlwr.MSVCRT ref: 01005162
                                                                                                                • strstr.MSVCRT ref: 0100517C
                                                                                                                • strstr.MSVCRT ref: 01005190
                                                                                                                • GetDiskFreeSpaceA.KERNELBASE(005C3A63,?,?,?,?,?,?,?), ref: 010051E8
                                                                                                                • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?), ref: 01005357
                                                                                                                • CryptGenRandom.ADVAPI32(?,00000010,?,?,?,?,?,?), ref: 01005388
                                                                                                                • sprintf.MSVCRT ref: 0100539F
                                                                                                                • sprintf.MSVCRT ref: 010053D7
                                                                                                                • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,?), ref: 0100544B
                                                                                                                • GetSystemTime.KERNEL32(?,?,?,?,?,?), ref: 0100547A
                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?), ref: 0100548E
                                                                                                                • DialogBoxParamA.USER32(0000006B,Function_00003E7A,00000000,?,00000000), ref: 01005501
                                                                                                                • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 01005601
                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?,?,00000000,cc:\), ref: 01005615
                                                                                                                • SetFileTime.KERNELBASE(DADAFEED,?,?,?,?,00000000,cc:\), ref: 01005627
                                                                                                                • CloseHandle.KERNELBASE(DADAFEED,?,00000000,cc:\), ref: 01005630
                                                                                                                • SendDlgItemMessageA.USER32(0002041A,0000006A,00000405,00000000,00000000), ref: 01005661
                                                                                                                • MoveFileExA.KERNEL32(0100C3A0,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 01005692
                                                                                                                • strstr.MSVCRT ref: 0100571A
                                                                                                                • _stricmp.MSVCRT(?,_sfx_manifest_,?,00000000,cc:\), ref: 01005742
                                                                                                                • SendDlgItemMessageA.USER32(0002041A,00000068,0000000C,00000000,?), ref: 010057A7
                                                                                                                • GetLastError.KERNEL32(?,00000000,cc:\), ref: 010057E4
                                                                                                                  • Part of subcall function 01004590: CreateDirectoryA.KERNELBASE(?,?), ref: 010045B8
                                                                                                                • CreateFileA.KERNELBASE(?,40000000,00000003,00000000,00000002,00000080,00000000,?,00000000,cc:\), ref: 0100584D
                                                                                                                • SetFilePointer.KERNELBASE(00000000,?,00000000,00000000,?,00000000,cc:\), ref: 01005865
                                                                                                                • SetEndOfFile.KERNELBASE(00000000,?,00000000,cc:\), ref: 01005868
                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,00000000,cc:\), ref: 01005872
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Time$AccessAllowedCryptDirectorySystemstrstr$ContextCreateDescriptorErrorInitializeItemLastMessagePointerSecuritySendsprintf$AcquireAddressAttributesCloseCurrentDaclDateDecryptDeviceDialogDiskFreeHandleLibraryLoadLocalMoveParamProcQueryRandomReleaseSpace_stricmp_strlwr
                                                                                                                • String ID: Un$%02x$_sfx_manifest_$c:\1fc170e2ba0f8da87b9ffca6da4e715d$c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe $ccc:\$cdtag.1$harddisk$ramdisk$temp\ext
                                                                                                                • API String ID: 1990338833-3057390259
                                                                                                                • Opcode ID: fc543d989388e90af9c16f5f6d5131e38cd47ae6136f058cfd03532917dbfc3f
                                                                                                                • Instruction ID: cb34d6e19b9d76d7dc8cc1b05be71e2c05cbe8c8c636e12e1b2dadafe6b93270
                                                                                                                • Opcode Fuzzy Hash: fc543d989388e90af9c16f5f6d5131e38cd47ae6136f058cfd03532917dbfc3f
                                                                                                                • Instruction Fuzzy Hash: 6232A1719006589FFB73DB689C48BEA7BB9AB05346F0041E6E6C9E21C1DB758AC4CF50
                                                                                                                Function 010046B9 Relevance: 70.6, APIs: 30, Strings: 10, Instructions: 611filestringwindowCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 286 10046b9-10046f0 call 10061d3 289 10048fc-1004900 286->289 290 10046f5-1004710 call 10060be 289->290 291 1004906-1004923 call 10061d3 289->291 298 1004716-100471c 290->298 299 10048e9-10048f7 call 100608f 290->299 296 1004ae3-1004afb call 10061d3 291->296 297 1004929 291->297 310 1004b01 296->310 311 1004cac-1004cc2 call 100370b call 10061d3 296->311 301 100492f-100494f call 10060be 297->301 302 1004736-1004764 call 1002bc4 call 10060be 298->302 303 100471e-1004730 SendDlgItemMessageA 298->303 299->289 314 1004955-100495b 301->314 315 1004ab9-1004add call 100608f 301->315 302->299 324 100476a-1004798 call 1002bc4 call 10060be 302->324 303->302 312 1004b08-1004b2d call 10060be 310->312 338 1004e14-1004e1c 311->338 330 1004c82-1004ca6 call 100608f 312->330 331 1004b33-1004b39 312->331 321 1004975-10049a8 call 1002bc4 call 10060be 314->321 322 100495d-100496f SendDlgItemMessageA 314->322 315->296 315->301 321->315 346 10049ae-10049dc call 1002bc4 strstr 321->346 322->321 353 10047b4 324->353 354 100479a-10047b2 call 1002bc4 324->354 330->311 348 1004b03 330->348 336 1004b53-1004b82 call 1002bc4 call 10060be 331->336 337 1004b3b-1004b4d SendDlgItemMessageA 331->337 336->330 369 1004b88-1004bc8 _strlwr call 100360c 336->369 337->336 339 1004e22-1004e3f call 10061f9 338->339 340 1004cc7-1004cdd call 10060be 338->340 357 1004e41-1004e55 call 100618d 339->357 358 1004ea8-1004ebb call 10061f9 339->358 363 1004ce3-1004d11 call 1002bc4 strstr 340->363 364 1004e08-1004e0f call 100608f 340->364 346->315 366 10049e2-1004a2c call 1004590 call 100447f SetFileAttributesA CopyFileA 346->366 348->312 361 10047ba-10047d0 strstr 353->361 354->361 357->358 382 1004e57-1004e6f strchr 357->382 379 1004f37-1004f3d 358->379 380 1004ebd-1004ed3 call 10060be 358->380 361->299 368 10047d6-1004842 call 1004590 call 100447f SetFileAttributesA call 100360c 361->368 363->364 381 1004d17-1004d34 FindFirstFileA 363->381 364->338 409 1004aa7-1004ab3 SetFileAttributesA 366->409 410 1004a2e-1004a37 GetLastError 366->410 368->299 438 1004848-1004851 GetLastError 368->438 401 1004c37-1004c4b _strlwr 369->401 402 1004bca-1004bd3 GetLastError 369->402 386 1004f51-1004f63 call 10062ff 379->386 387 1004f3f-1004f4b SendDlgItemMessageA 379->387 380->379 404 1004ed5-1004f22 call 1003e3a call 1002bc4 call 1003e3a strrchr 380->404 381->364 389 1004d3a-1004d4d strrchr 381->389 382->379 390 1004e75 382->390 387->386 395 1004d4e-1004d55 389->395 396 1004e7c-1004e86 390->396 405 1004de1-1004df6 FindNextFileA 395->405 406 1004d5b-1004d61 395->406 407 1004e77-1004e7a 396->407 408 1004e88-1004ea3 call 1003e3a 396->408 417 1004c51-1004c57 401->417 412 1004bd5-1004be4 call 10044ad 402->412 413 1004c2f-1004c35 402->413 457 1004f24 404->457 458 1004f26-1004f32 call 1003e3a 404->458 405->395 419 1004dfc-1004e02 FindClose 405->419 415 1004d63-1004d75 SendDlgItemMessageA 406->415 416 1004d7b-1004d85 406->416 407->396 407->408 408->379 409->315 410->409 420 1004a39-1004a54 call 100453f 410->420 412->413 439 1004be6-1004bf6 MoveFileA 412->439 413->330 413->401 415->416 423 1004d87-1004d8f 416->423 424 1004c73-1004c75 417->424 425 1004c59-1004c5b 417->425 419->364 420->409 436 1004a56-1004a61 420->436 423->423 432 1004d91-1004da0 DeleteFileA 423->432 428 1004c78-1004c7a 424->428 433 1004c5d-1004c65 425->433 434 1004c6f-1004c71 425->434 428->330 437 1004c7c 428->437 432->405 441 1004da2-1004dce Sleep SetFileAttributesA DeleteFileA 432->441 433->424 442 1004c67-1004c6d 433->442 434->428 443 1004a63 436->443 444 1004a69-1004a71 436->444 437->330 438->299 445 1004857-1004876 call 100453f 438->445 439->413 446 1004bf8-1004c27 MoveFileA 439->446 441->405 448 1004dd0-1004ddc call 100447f 441->448 442->417 442->434 443->444 449 1004a73 444->449 450 1004a79-1004a9f CopyFileA call 100373c 444->450 445->299 460 1004878-1004883 445->460 446->413 461 1004c29 446->461 448->405 449->450 450->409 463 1004aa1 450->463 457->458 458->379 464 1004885 460->464 465 100488b-1004891 460->465 461->413 463->409 464->465 467 1004893-1004898 465->467 468 100489a-10048aa 465->468 469 10048ac-10048e1 call 100373c 467->469 468->469 469->299 473 10048e3 469->473 473->299
                                                                                                                APIs
                                                                                                                • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?,00000000), ref: 01004730
                                                                                                                • strstr.MSVCRT ref: 010047C6
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080), ref: 01004801
                                                                                                                • GetLastError.KERNEL32 ref: 01004848
                                                                                                                • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?,?), ref: 0100496F
                                                                                                                • strstr.MSVCRT ref: 010049D2
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080), ref: 01004A0D
                                                                                                                • CopyFileA.KERNEL32(?,?,00000000), ref: 01004A22
                                                                                                                • GetLastError.KERNEL32 ref: 01004A2E
                                                                                                                • CopyFileA.KERNEL32(0100CE20,0100C3A0,00000000), ref: 01004A7C
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080), ref: 01004AB3
                                                                                                                • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?,?), ref: 01004B4D
                                                                                                                • _strlwr.MSVCRT ref: 01004B8F
                                                                                                                • GetLastError.KERNEL32 ref: 01004BCA
                                                                                                                • MoveFileA.KERNEL32(?,0100CE20), ref: 01004BEE
                                                                                                                • MoveFileA.KERNEL32(0100CE20,?), ref: 01004C1F
                                                                                                                • _strlwr.MSVCRT ref: 01004C3E
                                                                                                                • strstr.MSVCRT ref: 01004D07
                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 01004D25
                                                                                                                • strrchr.MSVCRT ref: 01004D43
                                                                                                                • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?), ref: 01004D75
                                                                                                                • DeleteFileA.KERNEL32(?), ref: 01004D98
                                                                                                                • Sleep.KERNEL32(000001F4), ref: 01004DA7
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080), ref: 01004DB9
                                                                                                                • DeleteFileA.KERNEL32(?), ref: 01004DC6
                                                                                                                • FindNextFileA.KERNEL32(?,00000010), ref: 01004DEE
                                                                                                                • FindClose.KERNEL32(?), ref: 01004E02
                                                                                                                • strchr.MSVCRT ref: 01004E60
                                                                                                                • strrchr.MSVCRT ref: 01004F18
                                                                                                                • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,010022BB,?), ref: 01004F4B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$ItemMessageSend$Attributes$ErrorFindLaststrstr$CopyDeleteMove_strlwrstrrchr$CloseFirstNextSleepstrchr
                                                                                                                • String ID: Un$\..\$c:\1fc170e2ba0f8da87b9ffca6da4e715d$command$copy$delete$deltas$options$run$verify
                                                                                                                • API String ID: 3851170777-3744594890
                                                                                                                • Opcode ID: 89faf3db3762656d20157f678ec9eb14baf6df118e99a81af9509fb5c0dc1727
                                                                                                                • Instruction ID: 1687914c5463bdb562aec54404296a2838319fe0694d4148413fc6cab1dc7c20
                                                                                                                • Opcode Fuzzy Hash: 89faf3db3762656d20157f678ec9eb14baf6df118e99a81af9509fb5c0dc1727
                                                                                                                • Instruction Fuzzy Hash: 06224E71940219AEFB63DBA4DC48FEA77BDAB14740F0045E6E2C9E2081DB759AC4CF64
                                                                                                                Function 010029C2 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 101libraryloaderCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 655 10029c2-1002a04 GetSystemDirectoryA 656 1002a0a-1002a11 655->656 657 1002afe-1002b0d call 10062ff 655->657 659 1002a12-1002a18 656->659 659->659 661 1002a1a-1002a35 LoadLibraryA 659->661 662 1002a3b-1002a51 GetProcAddress 661->662 663 1002afc-1002afd 661->663 664 1002af5-1002af6 FreeLibrary 662->664 665 1002a57-1002a67 GetProcAddress 662->665 663->657 664->663 665->664 666 1002a6d-1002a7a GetProcAddress 665->666 667 1002af4 666->667 668 1002a7c-1002a8c GetProcAddress 666->668 667->664 668->667 669 1002a8e-1002a95 668->669 670 1002a99-1002a9b 669->670 670->667 671 1002a9d-1002aa4 670->671 671->667 672 1002aa6-1002ab1 671->672 672->667 674 1002ab3-1002adf 672->674 676 1002ae1-1002ae7 674->676 677 1002aed 674->677 676->677 677->667
                                                                                                                APIs
                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000208), ref: 010029FC
                                                                                                                • LoadLibraryA.KERNELBASE(?), ref: 01002A2B
                                                                                                                • GetProcAddress.KERNEL32(00000000,OpenCluster), ref: 01002A47
                                                                                                                • GetProcAddress.KERNEL32(00000000,CloseCluster), ref: 01002A5D
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetNodeClusterState), ref: 01002A74
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetClusterQuorumResource), ref: 01002A82
                                                                                                                • FreeLibrary.KERNELBASE(00000000), ref: 01002AF6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Library$DirectoryFreeLoadSystem
                                                                                                                • String ID: CloseCluster$GetClusterQuorumResource$GetNodeClusterState$OpenCluster$\clusapi.dll
                                                                                                                • API String ID: 1303522615-3927317670
                                                                                                                • Opcode ID: 19ecdf8b4e077f10c3230d29f80904c3b00e6bcb7b69bd1645e8ca2f298c8bba
                                                                                                                • Instruction ID: 58cc90120aaaae1193b9abb678c188ec05ae692f01dcb1cc6c6543d780e01115
                                                                                                                • Opcode Fuzzy Hash: 19ecdf8b4e077f10c3230d29f80904c3b00e6bcb7b69bd1645e8ca2f298c8bba
                                                                                                                • Instruction Fuzzy Hash: F13147719002299BFB72DBA88D48FDA7BFC5F4A640F0442E5E544E2141DF748AC5DF61
                                                                                                                Function 01003D02 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 112memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 01003D4D
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 01003D5D
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 01003D64
                                                                                                                • GetTokenInformation.KERNELBASE(?,00000004,c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe ,00010000,?), ref: 01003D8F
                                                                                                                • GetLengthSid.ADVAPI32 ref: 01003DA0
                                                                                                                • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe ,00010000,?), ref: 01003DE0
                                                                                                                • GetLengthSid.ADVAPI32 ref: 01003DEC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Token$InformationLengthProcess$AllocateCurrentInitializeOpen
                                                                                                                • String ID: c:\1fc170e2ba0f8da87b9ffca6da4e715d\Setup.exe
                                                                                                                • API String ID: 3439802213-414810666
                                                                                                                • Opcode ID: 39bd5e7e546647ab028321304c63e802246d0dfb69878f62c748718f95d36311
                                                                                                                • Instruction ID: 50115026e131d678ab12094c5f900f2c20abbbbf56de831dd1116dd559b86531
                                                                                                                • Opcode Fuzzy Hash: 39bd5e7e546647ab028321304c63e802246d0dfb69878f62c748718f95d36311
                                                                                                                • Instruction Fuzzy Hash: 23315431600245AFEB17DBA8DC59BAF7BE9FB58740F044069FA81EB2C1DAB59904C760
                                                                                                                Function 010045EB Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 72libraryfileloaderCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 744 10045eb-1004608 745 100460b-1004610 744->745 745->745 746 1004612-1004638 745->746 747 1004641-1004655 call 1004590 746->747 748 100463a-100463d 746->748 751 10046a6 747->751 752 1004657-1004667 GetFileAttributesA 747->752 748->747 753 10046a8-10046b1 call 10062ff 751->753 752->751 754 1004669-100466b 752->754 754->751 756 100466d-100467a LoadLibraryA 754->756 758 10046a1-10046a4 756->758 759 100467c-100468a GetProcAddress 756->759 758->753 759->758 760 100468c-1004699 DecryptFileA 759->760 760->758 761 100469b GetLastError 760->761 761->758
                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNELBASE(?), ref: 0100465E
                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 01004672
                                                                                                                • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 01004682
                                                                                                                • DecryptFileA.ADVAPI32(?,00000000), ref: 01004695
                                                                                                                • GetLastError.KERNEL32 ref: 0100469B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AddressAttributesDecryptErrorLastLibraryLoadProc
                                                                                                                • String ID: DecryptFileA$advapi32.dll
                                                                                                                • API String ID: 82924815-2381948369
                                                                                                                • Opcode ID: 2afcba44abed0f4631d6c18061f481163f3b24b8efbb4aba021dffaed5c2241f
                                                                                                                • Instruction ID: dd98f6a6a96e0f5451efa8104c5849e027a4f17fe98ce00ff4f40b46ec6d0873
                                                                                                                • Opcode Fuzzy Hash: 2afcba44abed0f4631d6c18061f481163f3b24b8efbb4aba021dffaed5c2241f
                                                                                                                • Instruction Fuzzy Hash: 4521D131604605DEFB62DB68CC4CBDA7BE9AB59300F0401A4EAC5E71C1EB75DA54CB16
                                                                                                                Function 01002B13 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 762 1002b13-1002b4d GetDriveTypeA 763 1002b60-1002b80 CreateFileA 762->763 764 1002b4f-1002b50 762->764 765 1002b82-1002b9d DeviceIoControl 763->765 766 1002b57-1002b59 763->766 767 1002b52-1002b55 764->767 768 1002bae-1002bbc call 10062ff 764->768 770 1002ba5 765->770 771 1002b9f-1002ba3 765->771 766->768 767->766 769 1002b5b-1002b5e 767->769 769->768 773 1002ba7-1002ba8 CloseHandle 770->773 771->770 771->773 773->768
                                                                                                                APIs
                                                                                                                • GetDriveTypeA.KERNELBASE(?), ref: 01002B43
                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 01002B75
                                                                                                                • DeviceIoControl.KERNEL32(00000000,00070000,00000000,00000000,?,00000018,?,00000000), ref: 01002B95
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 01002BA8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseControlCreateDeviceDriveFileHandleType
                                                                                                                • String ID: ?:\$\\.\?:
                                                                                                                • API String ID: 3103408351-3307214488
                                                                                                                • Opcode ID: 2c8683e07499ac882b6ccafdf590b753cf23b2020a389af79e37c9552ac3cdc0
                                                                                                                • Instruction ID: 96b825b74241d8912b1bf084e53a85c8b322490675edc855e8f29042fc933e05
                                                                                                                • Opcode Fuzzy Hash: 2c8683e07499ac882b6ccafdf590b753cf23b2020a389af79e37c9552ac3cdc0
                                                                                                                • Instruction Fuzzy Hash: DE119332901618BAE722DBA99C4CEEFBFADEB49360F144161F695F3180DA748645C7B0
                                                                                                                Function 0100400D Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 381COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 474 100400d-100402d GetModuleFileNameA 475 1004030-1004035 474->475 475->475 476 1004037-100403f 475->476 477 100404b-100404d 476->477 478 1004041-1004047 477->478 479 100404f-100406b call 1003e3a call 1003016 GetCommandLineA 477->479 478->479 480 1004049 478->480 485 100406d-1004071 479->485 480->477 486 1004073-1004075 485->486 487 100407b-100407d 485->487 486->487 488 1004077-1004079 486->488 489 1004082-1004083 487->489 490 100407f-1004081 487->490 488->487 491 1004085-100408a 488->491 489->485 490->489 492 10040a3-10040a5 491->492 493 100408c-1004091 491->493 495 10040a8-10040ad 492->495 493->492 494 1004093-1004096 493->494 496 10040a0 494->496 497 1004098-100409c 494->497 495->495 498 10040af-10040b5 495->498 496->492 497->494 500 100409e 497->500 499 10040c7-10040c9 498->499 501 10040b7-10040bc 499->501 502 10040cb-10040dd 499->502 500->492 503 10040c3-10040c6 501->503 504 10040be-10040c1 501->504 505 10040e0-10040e5 502->505 503->499 504->502 504->503 505->505 506 10040e7-10040ed 505->506 507 10040f5-10040f7 506->507 508 10040f9 507->508 509 10040ef-10040f2 507->509 512 100412c-100413c 508->512 510 10040f4 509->510 511 10040fb-10040fd 509->511 510->507 513 1004100-1004105 511->513 514 1004252-100425a 512->514 515 1004142-1004151 512->515 513->513 519 1004107-1004127 513->519 518 100425d-1004262 514->518 516 1004232-100423b 515->516 517 1004157-100415e 515->517 516->515 521 1004241 516->521 520 1004167-1004173 517->520 518->518 522 1004264-1004269 518->522 519->512 523 1004160-1004163 520->523 524 1004175-1004178 520->524 521->514 525 1004475-1004479 522->525 526 100426f-1004275 522->526 527 1004165-1004166 523->527 528 100417e-1004186 523->528 524->516 524->528 526->525 529 100427b-100427e 526->529 527->520 530 10041c3-10041c8 528->530 531 1004188-100418b 528->531 532 1004284-100428c 529->532 533 1004467-100446f 529->533 535 10041d3-10041fc 530->535 536 10041ca-10041cd 530->536 531->530 534 100418d-1004197 531->534 537 1004296-1004298 532->537 538 100428e-1004290 532->538 533->525 533->529 539 100419e-10041b4 534->539 542 100421e-100422b GetFileAttributesA 535->542 543 10041fe-1004216 535->543 536->535 540 10041cf-10041d1 536->540 541 100429b-10042a0 537->541 538->533 538->537 546 1004243-1004247 539->546 547 10041ba-10041be 539->547 540->516 540->535 541->541 548 10042a2-10042a7 541->548 544 100424c 542->544 545 100422d 542->545 543->542 544->514 545->516 546->530 547->539 550 10041c0 547->550 548->533 549 10042ad-10042b6 548->549 551 1004388-100438b 549->551 552 10042bc 549->552 550->530 555 10042c6 551->555 553 1004333-1004346 _strnicmp 552->553 554 10042be-10042c1 552->554 556 1004348 553->556 557 100436a-100437d _strnicmp 553->557 554->553 558 10042c3 554->558 559 1004448-1004459 _strnicmp 555->559 560 10042cc-10042cf 555->560 562 100434b-100435d call 1002f3a 556->562 557->533 565 1004383-1004386 557->565 558->555 561 100445b 559->561 563 10042d5-10042d6 560->563 564 100441c-100442f _strnicmp 560->564 561->533 566 100445d 561->566 562->533 581 1004363-1004365 call 1003892 562->581 568 10043e8-10043fb _strnicmp 563->568 569 10042dc-10042de 563->569 564->533 571 1004431 564->571 570 1004318-100431a 565->570 566->533 575 1004417-100441a 568->575 576 10043fd 568->576 577 10042e4-10042e6 569->577 578 10043d9-10043de 569->578 572 1004324-100432e 570->572 573 100431c-100431e 570->573 579 1004434-1004436 571->579 572->533 573->533 573->572 582 1004400-1004402 575->582 576->582 583 10043d4-10043d7 577->583 584 10042ec-10042ef 577->584 578->566 580 10043e0-10043e2 578->580 585 1004438-100443a 579->585 586 100443c-1004446 579->586 580->566 587 10043e4-10043e6 580->587 581->557 589 1004404-1004406 582->589 590 1004408-1004415 582->590 583->579 584->533 591 10042f5-10042fa 584->591 585->533 585->586 586->533 587->561 589->533 589->590 590->533 591->562 592 10042fc-10042fe 591->592 593 10043b4-10043b8 592->593 594 1004304-1004306 592->594 595 10043c2-10043cf 593->595 596 10043ba-10043bc 593->596 597 1004390-1004394 594->597 598 100430c-100430e 594->598 595->533 596->533 596->595 599 1004396-1004398 597->599 600 100439e-10043af 597->600 598->593 601 1004314-1004316 598->601 599->533 599->600 600->533 601->570 601->597
                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\._cache_file.exe,00000104), ref: 01004025
                                                                                                                • GetCommandLineA.KERNEL32 ref: 01004060
                                                                                                                • GetFileAttributesA.KERNELBASE(To Directory:), ref: 01004223
                                                                                                                • _strnicmp.MSVCRT ref: 0100433B
                                                                                                                • _strnicmp.MSVCRT ref: 01004372
                                                                                                                • _strnicmp.MSVCRT ref: 01004450
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _strnicmp$File$AttributesCommandLineModuleName
                                                                                                                • String ID: )5j$C:\Users\user\Desktop\._cache_file.exe$Extracting File:$To Directory:$extract$extract:$integrate$passive$quiet
                                                                                                                • API String ID: 3875041768-3108204081
                                                                                                                • Opcode ID: ac494798e5bc9b3b8e97eb29fcbcefb1249f91a18fa69446e7f113a224a58319
                                                                                                                • Instruction ID: ee85d7d4dc22db283b7cf7d6e356c1cdb43bb5f1116dac34ca54e1d5d0c69bec
                                                                                                                • Opcode Fuzzy Hash: ac494798e5bc9b3b8e97eb29fcbcefb1249f91a18fa69446e7f113a224a58319
                                                                                                                • Instruction Fuzzy Hash: C2D1F130A042859EFB678B6C98583FA7FE1AB42308F4A41D4DBC1DB2CACB754546C75A
                                                                                                                Function 01003016 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 274memoryfileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 602 1003016-100304f CreateFileA 603 1003055-1003077 ReadFile 602->603 604 10033c9-10033d3 call 10062ff 602->604 605 10033bb-10033c8 CloseHandle 603->605 606 100307d-1003083 603->606 605->604 606->605 608 1003089-1003092 606->608 610 10030e0-10030ea 608->610 611 1003094-10030ae SetFilePointer 608->611 610->605 612 10030f0-10030f9 610->612 611->605 613 10030b4-10030ce ReadFile 611->613 612->605 615 10030ff-1003102 612->615 613->605 614 10030d4-10030da 613->614 614->605 614->610 615->605 616 1003108-100310b 615->616 616->605 617 1003111-1003118 616->617 617->605 618 100311e-1003139 RtlAllocateHeap 617->618 618->605 619 100313f-1003153 SetFilePointer 618->619 619->605 620 1003159-100316f ReadFile 619->620 620->605 621 1003175-100317e 620->621 621->605 622 1003184-100318f 621->622 623 10031dd-10031e3 622->623 624 1003191-1003194 623->624 625 10031e5 623->625 626 1003196-10031a4 624->626 627 10031cf-10031d6 624->627 625->605 626->627 628 10031a6-10031b2 626->628 627->623 628->627 629 10031b4-10031ba 628->629 629->627 630 10031bc-10031c7 call 1002fe1 629->630 633 10031c9 630->633 634 10031ea-10031f3 630->634 633->627 635 1003221-100323b 634->635 636 10031f5-10031fd 634->636 635->605 638 1003241-1003247 635->638 637 100320b-1003211 636->637 639 1003213-100321f 637->639 640 10031ff-100320a 637->640 641 1003255-1003262 638->641 639->635 640->637 641->605 642 1003268-100326d 641->642 642->605 643 1003273-1003277 642->643 643->605 644 100327d-100329c 643->644 644->605 645 10032a2-10032ff WideCharToMultiByte 644->645 646 1003305-100330b 645->646 647 10033af-10033b5 645->647 646->647 648 1003311-1003328 HeapAlloc 646->648 647->605 649 1003249-100324f 647->649 648->605 650 100332e-100334e WideCharToMultiByte GetEnvironmentVariableA 648->650 649->641 650->647 651 1003350-100336e WideCharToMultiByte 650->651 651->647 652 1003370-1003376 651->652 652->647 653 1003378-100338b HeapAlloc 652->653 653->605 654 100338d-10033a9 WideCharToMultiByte SetEnvironmentVariableA 653->654 654->647
                                                                                                                APIs
                                                                                                                • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,10000000,00000000), ref: 01003040
                                                                                                                • ReadFile.KERNELBASE(00000000,?,000000F8,?,00000000), ref: 01003073
                                                                                                                • SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 010030A2
                                                                                                                • ReadFile.KERNELBASE(?,00005A4D,000000F8,?,00000000), ref: 010030CA
                                                                                                                • RtlAllocateHeap.NTDLL(00000008,00040000), ref: 01003129
                                                                                                                • SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 0100314A
                                                                                                                • ReadFile.KERNEL32(?,00000000,00040000,?,00000000), ref: 0100316B
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 010032F5
                                                                                                                • HeapAlloc.KERNEL32(00000008,00000000), ref: 0100331A
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 0100333C
                                                                                                                • GetEnvironmentVariableA.KERNEL32(?,00000000,00000000), ref: 01003346
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 01003364
                                                                                                                • HeapAlloc.KERNEL32(00000008,00000000), ref: 01003381
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 010033A0
                                                                                                                • SetEnvironmentVariableA.KERNEL32(?,00000000), ref: 010033A9
                                                                                                                • CloseHandle.KERNELBASE(?), ref: 010033C1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$ByteCharMultiWide$HeapRead$AllocEnvironmentPointerVariable$AllocateCloseCreateHandle
                                                                                                                • String ID: PE
                                                                                                                • API String ID: 1909040894-4258593460
                                                                                                                • Opcode ID: 7a117e422b0a1a894acefd9d8880e513f77c58c962ccde61173d9d4eb82a6e9e
                                                                                                                • Instruction ID: bf8ad80c2da08c31ae0c339a365434081412969bf7389dda4636a4a9dec36aeb
                                                                                                                • Opcode Fuzzy Hash: 7a117e422b0a1a894acefd9d8880e513f77c58c962ccde61173d9d4eb82a6e9e
                                                                                                                • Instruction Fuzzy Hash: 55A15E71804128AFEB778B58CC85BE9FBB9FB14350F1481E9E689A6290DB714DC5CF60
                                                                                                                Function 010028D9 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 678 10028d9-100291c SetErrorMode * 2 GetTickCount 679 100291e-1002952 sprintf CreateDirectoryA 678->679 680 1002954-100295f GetLastError 679->680 681 1002975-1002984 RemoveDirectoryA 679->681 682 10029a0-10029ba SetErrorMode call 10062ff 680->682 683 1002961-1002971 680->683 684 1002996 681->684 685 1002986-1002990 MoveFileExA 681->685 683->679 686 1002973 683->686 684->682 685->684 686->682
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNELBASE(00000000), ref: 01002901
                                                                                                                • SetErrorMode.KERNELBASE(00000000), ref: 0100290D
                                                                                                                • GetTickCount.KERNEL32 ref: 0100290F
                                                                                                                • sprintf.MSVCRT ref: 01002937
                                                                                                                • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0100294A
                                                                                                                • GetLastError.KERNEL32 ref: 01002954
                                                                                                                • RemoveDirectoryA.KERNELBASE(?), ref: 0100297C
                                                                                                                • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 01002990
                                                                                                                • SetErrorMode.KERNELBASE(?), ref: 010029A6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Error$Mode$Directory$CountCreateFileLastMoveRemoveTicksprintf
                                                                                                                • String ID: %s_%06u_
                                                                                                                • API String ID: 2138407651-2224866286
                                                                                                                • Opcode ID: 605b290757ffbc819f70990fed8fb14aff114087cd0563a7a2d4703900c9114f
                                                                                                                • Instruction ID: 2b5bf619bf93649879f906ab2fef4dd1de3e953bea1c10fa8e68832a185b186a
                                                                                                                • Opcode Fuzzy Hash: 605b290757ffbc819f70990fed8fb14aff114087cd0563a7a2d4703900c9114f
                                                                                                                • Instruction Fuzzy Hash: AC2162719002189BEB22DB64CC4DBDA77BEEB54341F0040A6E685E2181D7B99A84CFA1
                                                                                                                Function 010037BF Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 64fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 689 10037bf-10037d7 GetEnvironmentVariableA 690 100388a-100388c 689->690 691 10037dd-1003815 call 1002bc4 CreateFileA 689->691 694 1003817-1003861 WriteFile 691->694 695 1003889 691->695 696 1003863-1003866 694->696 697 1003876-1003882 CloseHandle 694->697 695->690 696->697 698 1003868-1003874 SetEnvironmentVariableA 696->698 697->695 698->695
                                                                                                                APIs
                                                                                                                • GetEnvironmentVariableA.KERNEL32(_SFX_CAB_SHUTDOWN_REQUEST,00000000,00000000), ref: 010037CF
                                                                                                                • CreateFileA.KERNELBASE(c:\1fc170e2ba0f8da87b9ffca6da4e715d\$shtdwn$.req,C0000000,00000003,00000000,00000001,04000002,00000000), ref: 01003804
                                                                                                                • WriteFile.KERNELBASE(00000000,Sdwn,00000314,?,00000000), ref: 01003858
                                                                                                                • SetEnvironmentVariableA.KERNEL32(_SFX_CAB_SHUTDOWN_REQUEST,c:\1fc170e2ba0f8da87b9ffca6da4e715d\$shtdwn$.req), ref: 0100386E
                                                                                                                • CloseHandle.KERNEL32 ref: 0100387C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnvironmentFileVariable$CloseCreateHandleWrite
                                                                                                                • String ID: $shtdwn$.req$Sdwn$_SFX_CAB_SHUTDOWN_REQUEST$c:\1fc170e2ba0f8da87b9ffca6da4e715d$c:\1fc170e2ba0f8da87b9ffca6da4e715d\$shtdwn$.req
                                                                                                                • API String ID: 510931695-1137879858
                                                                                                                • Opcode ID: 74f9ad3b8f2023380f4faa6e9c0d97565d17dc7302695f93730564ca81c6b899
                                                                                                                • Instruction ID: b0220b2b77477a676319b82448efaae5af67ee2cc9e6961861700f30aa540367
                                                                                                                • Opcode Fuzzy Hash: 74f9ad3b8f2023380f4faa6e9c0d97565d17dc7302695f93730564ca81c6b899
                                                                                                                • Instruction Fuzzy Hash: C8116D71604340ABF7338B9AAD4DF473AA9F786764F1043A9F1C1A61C8D7765641C770
                                                                                                                Function 010063FF Relevance: 13.6, APIs: 9, Instructions: 87COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 718 10063ff-1006414 call 10065b8 721 1006416-1006425 718->721 722 100643e-1006442 718->722 721->722 723 1006427-1006434 721->723 724 100646e-10064bd __set_app_type __p__fmode __p__commode call 1003783 722->724 726 1006436-100643c 723->726 727 1006457-100645e 723->727 732 10064cb-1006529 call 10065a1 _initterm __getmainargs _initterm call 1005e92 724->732 733 10064bf-10064ca __setusermatherr 724->733 726->722 730 1006444-100644b 726->730 727->722 728 1006460-1006462 727->728 731 1006468-100646b 728->731 730->722 734 100644d-1006455 730->734 731->724 738 100652e-100653a 732->738 733->732 734->731 739 1006543-1006583 _cexit call 10065f3 738->739 740 100653c-100653d exit 738->740 740->739
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _initterm$__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 1729372338-0
                                                                                                                • Opcode ID: 6af886278659cd1f87929ba10df1e95ca34e58862df1f3af71c4c3f27de72d1c
                                                                                                                • Instruction ID: 599c4623493fcb82760b158fed09b41a5123095cb67496b16860643f61b92bca
                                                                                                                • Opcode Fuzzy Hash: 6af886278659cd1f87929ba10df1e95ca34e58862df1f3af71c4c3f27de72d1c
                                                                                                                • Instruction Fuzzy Hash: 3B315874940205DFEB27DFA4D44CAEC77B2FB18312F10816AF196A62D8DB3B4A54CB21
                                                                                                                Function 01003C0F Relevance: 3.0, APIs: 2, Instructions: 26fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 775 1003c0f-1003c35 CreateFileA 776 1003c37-1003c38 call 1003892 775->776 777 1003c3d-1003c52 SetFilePointer 775->777 776->777
                                                                                                                APIs
                                                                                                                • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,08000000,00000000), ref: 01003C2A
                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000), ref: 01003C48
                                                                                                                  • Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
                                                                                                                  • Part of subcall function 01003892: LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                                                  • Part of subcall function 01003892: MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                                                  • Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                                                  • Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CreateCriticalDeleteErrorExitLastLoadMessagePointerProcessSectionString
                                                                                                                • String ID:
                                                                                                                • API String ID: 1911058658-0
                                                                                                                • Opcode ID: 3db09fa30688c6ade57452f90a721c5f0e3047f88a1d14363bbe33cf621a1cff
                                                                                                                • Instruction ID: f747d1a96e7ed0c96837ae8def0cda9aa80c9c8a6c6ac268114b6baa7651c347
                                                                                                                • Opcode Fuzzy Hash: 3db09fa30688c6ade57452f90a721c5f0e3047f88a1d14363bbe33cf621a1cff
                                                                                                                • Instruction Fuzzy Hash: 8EE086313803247BF5332669AC0EF8579099701B71F204251FB58BA1C0C6A56A40C798
                                                                                                                Function 01003C87 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 779 1003c87-1003c93 780 1003c95-1003c9d 779->780 781 1003cdc-1003cf3 WriteFile 779->781 784 1003ca2-1003cd6 780->784 785 1003c9f 780->785 782 1003cf5-1003cfc call 1003892 781->782 783 1003cd7-1003cdb 781->783 784->783 785->784
                                                                                                                APIs
                                                                                                                • WriteFile.KERNELBASE(DADAFEED,?,?,?,00000000), ref: 01003CEB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3934441357-0
                                                                                                                • Opcode ID: 64d857ce796dace06822de0efcd78285d4c1ff5c9f778fdfecebaa5c7ebed988
                                                                                                                • Instruction ID: 8ed4801c38d92fe31a950a2119f22d7affeb1643a363de039ab70ebeba9e11e9
                                                                                                                • Opcode Fuzzy Hash: 64d857ce796dace06822de0efcd78285d4c1ff5c9f778fdfecebaa5c7ebed988
                                                                                                                • Instruction Fuzzy Hash: 60012C3120024DAFDB12CFADD800AEA77E9FB58320F448969FA68C7190D779D951CB50
                                                                                                                Function 01004590 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 788 1004590-10045aa 789 10045ac-10045af 788->789 790 10045dd-10045e3 788->790 791 10045b1-10045c0 CreateDirectoryA 789->791 792 10045d7-10045db 789->792 793 10045c2-10045cd call 100447f 791->793 794 10045d4 791->794 792->789 792->790 793->794 794->792
                                                                                                                APIs
                                                                                                                • CreateDirectoryA.KERNELBASE(?,?), ref: 010045B8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectory
                                                                                                                • String ID:
                                                                                                                • API String ID: 4241100979-0
                                                                                                                • Opcode ID: a9c93d86d7b1e126657db29aee2ea8a09b01b806f2212d3dabd863b7a028eda3
                                                                                                                • Instruction ID: 9cc6a4ee66b41767d7bcf1e787c71929ede8fd294d86324cd45e64105ddf3fa1
                                                                                                                • Opcode Fuzzy Hash: a9c93d86d7b1e126657db29aee2ea8a09b01b806f2212d3dabd863b7a028eda3
                                                                                                                • Instruction Fuzzy Hash: 7CF0B431500385AEFB334F29C804BAABFD89F91751F28809DFAC4CA582D7B58590C7A5
                                                                                                                Function 01003C58 Relevance: 1.5, APIs: 1, Instructions: 17fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 797 1003c58-1003c74 ReadFile 798 1003c76-1003c78 call 1003892 797->798 799 1003c7d-1003c81 797->799 798->799
                                                                                                                APIs
                                                                                                                • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 01003C6C
                                                                                                                  • Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
                                                                                                                  • Part of subcall function 01003892: LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                                                  • Part of subcall function 01003892: MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                                                  • Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                                                  • Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalDeleteErrorExitFileLastLoadMessageProcessReadSectionString
                                                                                                                • String ID:
                                                                                                                • API String ID: 896096512-0
                                                                                                                • Opcode ID: c5cd25c055f1176644a0d9d6a050eae1adbf6e77802f162c6b8565da1953186c
                                                                                                                • Instruction ID: b5e608f67cd8aa0ec7224ba8d194bf05f248ddf814a44386e79e7048d07bb6a0
                                                                                                                • Opcode Fuzzy Hash: c5cd25c055f1176644a0d9d6a050eae1adbf6e77802f162c6b8565da1953186c
                                                                                                                • Instruction Fuzzy Hash: EED0173210034DBFDF129E95CC08EAA3B6DFF44220F084514BA7889090D732D520CB51
                                                                                                                Function 01002C7C Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 01002C9B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FilePointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 973152223-0
                                                                                                                • Opcode ID: d8d5cd754932263745f338520652626db3bdb25572505ccd5790d85f059cf7dc
                                                                                                                • Instruction ID: 4670c305a0b7d71b77fc1b6fc64dcd010d39b6e931a86f05cad5b7c8d19ffb63
                                                                                                                • Opcode Fuzzy Hash: d8d5cd754932263745f338520652626db3bdb25572505ccd5790d85f059cf7dc
                                                                                                                • Instruction Fuzzy Hash: 8CD01731100208AFEB22CF48DD09FAA7BA9FB40314F058254F99C86195C776A9A4DB80
                                                                                                                Function 01003BE7 Relevance: 1.5, APIs: 1, Instructions: 13memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?), ref: 01003BF7
                                                                                                                  • Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
                                                                                                                  • Part of subcall function 01003892: LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                                                  • Part of subcall function 01003892: MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                                                  • Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                                                  • Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocateCriticalDeleteErrorExitHeapLastLoadMessageProcessSectionString
                                                                                                                • String ID:
                                                                                                                • API String ID: 2723237252-0
                                                                                                                • Opcode ID: d29ed06aef175119988cce3a01b5eac88403f80cc4c048d63e3ca06fa13aed40
                                                                                                                • Instruction ID: ad55088b63a8ad1721269f3b50eb0db26e9cccda6a3b5370c978a76dbeb461c3
                                                                                                                • Opcode Fuzzy Hash: d29ed06aef175119988cce3a01b5eac88403f80cc4c048d63e3ca06fa13aed40
                                                                                                                • Instruction Fuzzy Hash: E4C012311803087BFA631BAAAC09F553F59B790651F04C051F68C4C090DA62A4555750
                                                                                                                Function 01003941 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • DialogBoxParamA.USER32(00000064,00000000,01002E53,00000000), ref: 01003952
                                                                                                                  • Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
                                                                                                                  • Part of subcall function 01003892: LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                                                  • Part of subcall function 01003892: MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                                                  • Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                                                  • Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalDeleteDialogErrorExitLastLoadMessageParamProcessSectionString
                                                                                                                • String ID:
                                                                                                                • API String ID: 372479490-0
                                                                                                                • Opcode ID: 15e03c84a8a15e18858af6215931239894f471006d1615df1c756c50269ef313
                                                                                                                • Instruction ID: a510406ee53e3107ecf5958c8e1665ca229ba3e50066fc7eea34c27700789f19
                                                                                                                • Opcode Fuzzy Hash: 15e03c84a8a15e18858af6215931239894f471006d1615df1c756c50269ef313
                                                                                                                • Instruction Fuzzy Hash: 18D01231280340AAF6335724AE0AF5237A07720B2AF24839173E17C0D4C6EA4820CB68

                                                                                                                Non-executed Functions

                                                                                                                Function 01003972 Relevance: 49.2, APIs: 20, Strings: 8, Instructions: 178synchronizationlibraryshutdownCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • OpenEventA.KERNEL32(00100000,00000000,WFP_IDLE_TRIGGER), ref: 010039AD
                                                                                                                  • Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 0100348A
                                                                                                                  • Part of subcall function 0100346E: CreateFileA.KERNEL32(0100CD00,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,010038D5,?,?,00000200,?), ref: 010034B4
                                                                                                                  • Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 010034DE
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,0000EA60,Shutdown Initiated in Self Extractor ), ref: 010039C9
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 010039D0
                                                                                                                • Sleep.KERNEL32(00002710,Shutdown Initiated in Self Extractor ), ref: 010039E9
                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 01003A1F
                                                                                                                • GetProcAddress.KERNEL32(00000000,InitiateSystemShutdownExA), ref: 01003A35
                                                                                                                • WaitForSingleObject.KERNEL32(00000000), ref: 01003A48
                                                                                                                • InitiateSystemShutdownA.ADVAPI32(00000000,00000000,00000000,?,?), ref: 01003A8B
                                                                                                                • GetLastError.KERNEL32 ref: 01003A9B
                                                                                                                • WaitForSingleObject.KERNEL32(00000BB8), ref: 01003ABB
                                                                                                                • GetLastError.KERNEL32 ref: 01003ACD
                                                                                                                • GetVersionExA.KERNEL32(?,?), ref: 01003B0C
                                                                                                                • GetVersionExA.KERNEL32(00000094), ref: 01003B2C
                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 01003B43
                                                                                                                • strchr.MSVCRT ref: 01003B56
                                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000007,00000000,00000003,02000000,00000000), ref: 01003B78
                                                                                                                • FlushFileBuffers.KERNEL32(00000000), ref: 01003B86
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 01003B8F
                                                                                                                • NtShutdownSystem.NTDLL ref: 01003B9B
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 01003BB2
                                                                                                                Strings
                                                                                                                • @, xrefs: 01003B2E
                                                                                                                • InitiateSystemShutdownExA, xrefs: 01003A2F
                                                                                                                • Shutdown Initiated in Self Extractor , xrefs: 010039B3
                                                                                                                • WFP_IDLE_TRIGGER, xrefs: 01003984
                                                                                                                • ShutdownSystem: Failed , xrefs: 01003BC8
                                                                                                                • InitiateSystemShutdown() Failed with error 0x%lx , xrefs: 01003AD0
                                                                                                                • advapi32.dll, xrefs: 01003A1A
                                                                                                                • Failed to Adjust ENABLE_PRIVILEGE , xrefs: 01003A09
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$FileObjectSingleSystemWait$CreateErrorLastLibraryShutdownVersion$AddressBuffersDirectoryEventFlushFreeInitiateLoadOpenProcSleepstrchr
                                                                                                                • String ID: @$Failed to Adjust ENABLE_PRIVILEGE $InitiateSystemShutdown() Failed with error 0x%lx $InitiateSystemShutdownExA$Shutdown Initiated in Self Extractor $ShutdownSystem: Failed $WFP_IDLE_TRIGGER$advapi32.dll
                                                                                                                • API String ID: 2638087656-3676156507
                                                                                                                • Opcode ID: 7a1c7a1b907803973f12d1bf947b1ffc3077485c6b2b2eb9657761a4e00d1aa0
                                                                                                                • Instruction ID: ea525c0ef0f58f0b04cd7f7f13f08e90f611286073571a1279888c73dc215274
                                                                                                                • Opcode Fuzzy Hash: 7a1c7a1b907803973f12d1bf947b1ffc3077485c6b2b2eb9657761a4e00d1aa0
                                                                                                                • Instruction Fuzzy Hash: D4517275900219AFFB73AB64DC8DEDE7BB9BB05304F0101A5F6C9AA081DB758A808B51
                                                                                                                Function 0100358B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • NtOpenProcessToken.NTDLL(000000FF,00000028,?), ref: 010035A1
                                                                                                                • NtAdjustPrivilegesToken.NTDLL(?,00000000,?,00000000,00000000,00000000), ref: 010035C1
                                                                                                                • NtClose.NTDLL ref: 010035CE
                                                                                                                  • Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 0100348A
                                                                                                                  • Part of subcall function 0100346E: CreateFileA.KERNEL32(0100CD00,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,010038D5,?,?,00000200,?), ref: 010034B4
                                                                                                                  • Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 010034DE
                                                                                                                Strings
                                                                                                                • RestorePrivilege(): Failed To Restore Privilege , xrefs: 010035D9
                                                                                                                • RestorePrivilege():Failed To Open Process Token, xrefs: 010035AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$HandleToken$AdjustCreateFileOpenPrivilegesProcess
                                                                                                                • String ID: RestorePrivilege(): Failed To Restore Privilege $RestorePrivilege():Failed To Open Process Token
                                                                                                                • API String ID: 1340415033-792189412
                                                                                                                • Opcode ID: b8a0502ae2661f499545ef8694a518087c712bcdc019db68534c528b41fb345f
                                                                                                                • Instruction ID: 6003aa7cc984a04d304c8d02ce76eb40705ba2f6e4c4443cd9f7ac574e901191
                                                                                                                • Opcode Fuzzy Hash: b8a0502ae2661f499545ef8694a518087c712bcdc019db68534c528b41fb345f
                                                                                                                • Instruction Fuzzy Hash: DAF06235101119FFEB636BA28E0EDDF7EACEF16655F114020B695980A0D732CB00E7A1
                                                                                                                Function 010034F4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • NtOpenProcessToken.NTDLL(000000FF,00000028,?), ref: 0100352E
                                                                                                                • NtAdjustPrivilegesToken.NTDLL(?,00000000,00000000,00000000,00000000,?), ref: 01003561
                                                                                                                • NtClose.NTDLL ref: 0100356E
                                                                                                                • NtClose.NTDLL ref: 01003579
                                                                                                                Strings
                                                                                                                • NtOpenProcessToken Failed , xrefs: 01003538
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseToken$AdjustOpenPrivilegesProcess
                                                                                                                • String ID: NtOpenProcessToken Failed
                                                                                                                • API String ID: 2239692276-916547032
                                                                                                                • Opcode ID: a2bb500f86ff3c270a923705cdf631df0a80daa1bbf9043a241c06063efd5071
                                                                                                                • Instruction ID: 86087f3b1aaf02d6297fc597292e47099355ceb0a226902c4fcc6e84a4753d95
                                                                                                                • Opcode Fuzzy Hash: a2bb500f86ff3c270a923705cdf631df0a80daa1bbf9043a241c06063efd5071
                                                                                                                • Instruction Fuzzy Hash: E311A07590010AAFEB13DFA8C908BEE7BA8FB04305F008125B9A5DE090D372D5009B91
                                                                                                                Function 010062FF Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 010063CE
                                                                                                                • UnhandledExceptionFilter.KERNEL32(010025D8), ref: 010063D9
                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 010063EA
                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 010063F1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 3231755760-0
                                                                                                                • Opcode ID: 4382b4dedff7cdd383e5e3d049ffc534270b9df7dca4059a9d9760ad3e466a85
                                                                                                                • Instruction ID: 79cc3565e310fce42bdb6c08305b060dbc1bc5133d3f3caeb000c08a82c4a438
                                                                                                                • Opcode Fuzzy Hash: 4382b4dedff7cdd383e5e3d049ffc534270b9df7dca4059a9d9760ad3e466a85
                                                                                                                • Instruction Fuzzy Hash: 6C2102B4804200DBF727CF69E2586947BB0FB4A300F50839AF18987398E77A0585CF45
                                                                                                                Function 01008906 Relevance: .3, Instructions: 303COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7cdeacfce3809adc947609343e590c714e8a037b83f6e872e5a04b82d6d4fe78
                                                                                                                • Instruction ID: 5536dabd8291dbeda9af35510c629b429d179083cdfcac66a6f3fcb092366832
                                                                                                                • Opcode Fuzzy Hash: 7cdeacfce3809adc947609343e590c714e8a037b83f6e872e5a04b82d6d4fe78
                                                                                                                • Instruction Fuzzy Hash: 40C18531D096999BEB0BCF68C0947EDBFB0BF05314F18C5AAC8D6AB682D3755585CB80
                                                                                                                Function 01008CC5 Relevance: .3, Instructions: 294COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 79354d64886fc410c0814f504bfd9b30afd0e7d4cac24f3c7e689a98db7d4def
                                                                                                                • Instruction ID: 05c12d547ef16d3076343c8037f92f088cfa72b28578ee7f0be467a9befaacce
                                                                                                                • Opcode Fuzzy Hash: 79354d64886fc410c0814f504bfd9b30afd0e7d4cac24f3c7e689a98db7d4def
                                                                                                                • Instruction Fuzzy Hash: 9BC196319086959FDB0BCF68C0946EDBBB0BF05314F19C6AED9D56B282D7709A85CB80
                                                                                                                Function 01008286 Relevance: .3, Instructions: 256COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2d4f3ed40784cb1acd205159c057e8a6439da72c959da14e5084bb7fb85de03f
                                                                                                                • Instruction ID: 73eb1ad3db2b6007352114fa4a889570cc0f90ca5fb72025f5fa2ea13681cd0c
                                                                                                                • Opcode Fuzzy Hash: 2d4f3ed40784cb1acd205159c057e8a6439da72c959da14e5084bb7fb85de03f
                                                                                                                • Instruction Fuzzy Hash: 24A19031D082959FDB0ACF58C0942EDFBB1BF45314F59C2EEC9866B282C7715A85CB80
                                                                                                                Function 0100859D Relevance: .3, Instructions: 255COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3d9f84ed33e04a50cc75d73480d86f3b8f11bbc8851e627dfa954f843364c247
                                                                                                                • Instruction ID: 47a47e7724101b81cf1e1fdd9477815481a0082b8eb6285e44efc0e7966f3570
                                                                                                                • Opcode Fuzzy Hash: 3d9f84ed33e04a50cc75d73480d86f3b8f11bbc8851e627dfa954f843364c247
                                                                                                                • Instruction Fuzzy Hash: 24B1A735D082959FDB0BCF18C4946EDBBB0BF45310F19C6AFD8969B286C7709685CB90
                                                                                                                Function 0100911E Relevance: .2, Instructions: 230COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3974dae9ebb7a8bc4aa2b7da6efc4464a47bfbc8cab31630611c404ab64ff985
                                                                                                                • Instruction ID: 734c5ffc2d1f5eaf6f1fdea0ab5366f13342bdfd70bcbe669edc26b63f45a8e5
                                                                                                                • Opcode Fuzzy Hash: 3974dae9ebb7a8bc4aa2b7da6efc4464a47bfbc8cab31630611c404ab64ff985
                                                                                                                • Instruction Fuzzy Hash: 8F910630A0459A9EEB1BDF58C8887FEB3B1BB44708F5080AED98D961C2C7749985CF90
                                                                                                                Function 01009558 Relevance: .2, Instructions: 203COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: adc727b130d8a70c901193652c7c29f7f7098ede988ec518b009589487b1a216
                                                                                                                • Instruction ID: 4a48d19044e3ec236ddfe2700c74ad1dffc8538b678a9b9864d77caf5e4adf83
                                                                                                                • Opcode Fuzzy Hash: adc727b130d8a70c901193652c7c29f7f7098ede988ec518b009589487b1a216
                                                                                                                • Instruction Fuzzy Hash: 23610531A0055A8FEF1ACF6CC4905BEB7A2EBC9344F15856DD9DAD7382DA309952CB80
                                                                                                                Function 01003E7A Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 125windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadStringA.USER32(20000005,?,00000104), ref: 01003EEA
                                                                                                                • SHBrowseForFolderA.SHELL32(?), ref: 01003F2B
                                                                                                                • SHGetPathFromIDListA.SHELL32(00000000,?), ref: 01003F3D
                                                                                                                • SendDlgItemMessageA.USER32(?,0000006C,0000000C,00000000,?), ref: 01003F54
                                                                                                                • SendMessageA.USER32(?,00000028,00000000,00000000), ref: 01003F5F
                                                                                                                • SendDlgItemMessageA.USER32(?,0000006C,0000000D,00000104,?), ref: 01003F84
                                                                                                                • LoadStringA.USER32(20000005,?,00000104), ref: 01003FB0
                                                                                                                • SendMessageA.USER32(?,0000000C,00000000,?), ref: 01003FC3
                                                                                                                • SendDlgItemMessageA.USER32(?,00000067,0000000C,00000000,?), ref: 01003FDC
                                                                                                                • SendDlgItemMessageA.USER32(?,0000006C,0000000C,00000000,c:\1fc170e2ba0f8da87b9ffca6da4e715d), ref: 01003FE9
                                                                                                                • EndDialog.USER32(?,00000000), ref: 01003FF0
                                                                                                                Strings
                                                                                                                • c:\1fc170e2ba0f8da87b9ffca6da4e715d, xrefs: 01003FDE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Item$LoadString$BrowseDialogFolderFromListPath
                                                                                                                • String ID: c:\1fc170e2ba0f8da87b9ffca6da4e715d
                                                                                                                • API String ID: 4196404735-4043973618
                                                                                                                • Opcode ID: 8ff38ef0283e2243d984189d5b9706cb04c242c77a24033a99f4f0c10035e197
                                                                                                                • Instruction ID: ca6d105f0d69831a8513d52e48f8c2b8b825066bcb4f2ed050d46bdd4aedea35
                                                                                                                • Opcode Fuzzy Hash: 8ff38ef0283e2243d984189d5b9706cb04c242c77a24033a99f4f0c10035e197
                                                                                                                • Instruction Fuzzy Hash: 1F416A75504219BEFB63DB649C8DFEE7BB8EB18300F0041A5B6C5E60C0DAB59A858F60
                                                                                                                Function 0100360C Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 67libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0100367A
                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 0100369F
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetFilePatchSignatureA), ref: 010036BA
                                                                                                                • GetProcAddress.KERNEL32(ApplyPatchToFileA), ref: 010036CC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                • String ID: ApplyPatchToFileA$GetFilePatchSignatureA$c:\1fc170e2ba0f8da87b9ffca6da4e715d$mspatcha.dll$options$patchdll
                                                                                                                • API String ID: 2141747552-1632576469
                                                                                                                • Opcode ID: d75fadbb291985e4ccfd5039247aea78be2d5ca5f0885812797b6874b77ceae2
                                                                                                                • Instruction ID: 86fcc2cc3a29359986d7a0763a20f979a07127794a10d9aeb92e6956b3d7621c
                                                                                                                • Opcode Fuzzy Hash: d75fadbb291985e4ccfd5039247aea78be2d5ca5f0885812797b6874b77ceae2
                                                                                                                • Instruction Fuzzy Hash: 012121B1900218AFFB37DBA9DD0DBD637ACBB09304F0085A5B6C997284D7B99684CB50
                                                                                                                Function 01002D78 Relevance: 15.1, APIs: 10, Instructions: 72fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(0100D060,?,?,?,01003914), ref: 01002D82
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,01003914), ref: 01002D98
                                                                                                                • CloseHandle.KERNEL32(00000368,?,?,?,01003914), ref: 01002DAC
                                                                                                                • DeleteFileA.KERNEL32(?,?,?,?,01003914), ref: 01002DD0
                                                                                                                • GetLastError.KERNEL32(?,?,?,01003914), ref: 01002DDA
                                                                                                                • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 01002DF1
                                                                                                                • RemoveDirectoryA.KERNEL32(?,?,?,?,01003914), ref: 01002E12
                                                                                                                • GetLastError.KERNEL32(?,?,?,01003914), ref: 01002E1C
                                                                                                                • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 01002E33
                                                                                                                • LeaveCriticalSection.KERNEL32(0100D060,?,?,?,01003914), ref: 01002E44
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CloseCriticalErrorHandleLastMoveSection$DeleteDirectoryEnterLeaveRemove
                                                                                                                • String ID:
                                                                                                                • API String ID: 3032557604-0
                                                                                                                • Opcode ID: 2a2974ac5940014a36d8b734e7ae464734aed0013697c2f22aefec969e3d7cea
                                                                                                                • Instruction ID: eaeb66f063d6c446da59646d057841921a657097434ac8a43aedc69f3ce3f5a1
                                                                                                                • Opcode Fuzzy Hash: 2a2974ac5940014a36d8b734e7ae464734aed0013697c2f22aefec969e3d7cea
                                                                                                                • Instruction Fuzzy Hash: 9E219F316403409BF6B3DB58DA4DB1A7BAAEB04721F164595F6D6E31C5C739EC00CB61
                                                                                                                Function 010033DB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(75922EE0,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200,?), ref: 010033E4
                                                                                                                • SetFilePointer.KERNEL32(FFFFFFFF,00000000,00000000,00000002,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200), ref: 010033FD
                                                                                                                • WriteFile.KERNEL32(?,?,00000000,00000000,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200), ref: 01003427
                                                                                                                • WriteFile.KERNEL32(***,***,00000000,00000000,?,?,?,?,?,010034CC,?,?,?,010038D5,?,?), ref: 0100344E
                                                                                                                • SetLastError.KERNEL32(?,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200,?), ref: 0100345B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$ErrorLastWrite$Pointer
                                                                                                                • String ID: ***
                                                                                                                • API String ID: 1741213463-1787515470
                                                                                                                • Opcode ID: f259f0daa3fa8cc644dd96105249b9c34566c8285c111745a810dfbc4c84cd6b
                                                                                                                • Instruction ID: 44ff794e02d1a3db74c08f5772ca78b3d7dcc110a49943917282bb4f95e92f64
                                                                                                                • Opcode Fuzzy Hash: f259f0daa3fa8cc644dd96105249b9c34566c8285c111745a810dfbc4c84cd6b
                                                                                                                • Instruction Fuzzy Hash: 4211E5B5600108BFEB138FE8DC8CDAA3FADEB49240F014165BB81DB155EA76AD09C760
                                                                                                                Function 010044AD Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile_stricmpsprintfstrrchr
                                                                                                                • String ID: .%03u$.sys
                                                                                                                • API String ID: 3323407637-674990528
                                                                                                                • Opcode ID: 1ff158e2bc5fa47faf8acc8ac29c6469c21ce8e7ed94fe9ef2c6fd643a7bfcd0
                                                                                                                • Instruction ID: 49d5ea88e9c73088097ed9a15219229db482fa6d83c04b0c91c0a0ec1b993438
                                                                                                                • Opcode Fuzzy Hash: 1ff158e2bc5fa47faf8acc8ac29c6469c21ce8e7ed94fe9ef2c6fd643a7bfcd0
                                                                                                                • Instruction Fuzzy Hash: 9D0190352042005FF3134B6DAC889A73BE9DFCA622F10812EF7C4C31C1CE7588018364
                                                                                                                Function 01003892 Relevance: 7.5, APIs: 5, Instructions: 45windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32 ref: 010038A6
                                                                                                                • LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                                                • MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                                                • DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                                                • ExitProcess.KERNEL32 ref: 01003935
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalDeleteErrorExitLastLoadMessageProcessSectionString
                                                                                                                • String ID:
                                                                                                                • API String ID: 3880362259-0
                                                                                                                • Opcode ID: 0930090407c2940a87bd685511672d1101a90b25c2312edca6e979305b6cca41
                                                                                                                • Instruction ID: 95fc673a3485858558866d3e75a01873537341b781b9074dca4c1e746b7b8f2d
                                                                                                                • Opcode Fuzzy Hash: 0930090407c2940a87bd685511672d1101a90b25c2312edca6e979305b6cca41
                                                                                                                • Instruction Fuzzy Hash: C2018435401118AFFB73EBA4DD8CBE977B8BB04315F140295FAC0A60C4DB795A48CBA1
                                                                                                                Function 0100628C Relevance: 7.5, APIs: 5, Instructions: 36timethreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?), ref: 010062A9
                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 010062B5
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 010062BD
                                                                                                                • GetTickCount.KERNEL32 ref: 010062C5
                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 010062D1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                • String ID:
                                                                                                                • API String ID: 1445889803-0
                                                                                                                • Opcode ID: 9f9a8a372e71f4ba5fd6d590d704713b28d7a18848ebf7ccacbe1fec22a7f2bd
                                                                                                                • Instruction ID: cb9998d7c512c76f87658832ca3486ab159dbae6228a0cd13093ddd9b699de7a
                                                                                                                • Opcode Fuzzy Hash: 9f9a8a372e71f4ba5fd6d590d704713b28d7a18848ebf7ccacbe1fec22a7f2bd
                                                                                                                • Instruction Fuzzy Hash: 00F03C36D002189BEB22EBF8E44C59AB7F9EF0C310F4106A1F591E7146DB3AE900CB80
                                                                                                                Function 01002821 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNEL32(00000368,00000000,00000000,00000000), ref: 0100283D
                                                                                                                • ReadFile.KERNEL32(Sdwn,00000314,?,00000000), ref: 01002859
                                                                                                                • _snprintf.MSVCRT ref: 0100289F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000002.00000002.3310722051.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                                                • Associated: 00000002.00000002.3310595878.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310863299.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000002.00000002.3310913926.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$PointerRead_snprintf
                                                                                                                • String ID: Sdwn
                                                                                                                • API String ID: 1063975976-2102837186
                                                                                                                • Opcode ID: cbd71d36e9f98fb81e9e7a2f7e14d0f9a5e3fb102f12bd1d6d3dfab898bb688e
                                                                                                                • Instruction ID: 9dcb7796340e3617a47c656186b8592bb183c83f9254e4a58000cb69e97ca3b5
                                                                                                                • Opcode Fuzzy Hash: cbd71d36e9f98fb81e9e7a2f7e14d0f9a5e3fb102f12bd1d6d3dfab898bb688e
                                                                                                                • Instruction Fuzzy Hash: F311A176501344ABF7338768AA8DB623BD8A706374F1403D9F5D1A20DAC37A4B84C379

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:12.4%
                                                                                                                Dynamic/Decrypted Code Coverage:2.4%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1847
                                                                                                                Total number of Limit Nodes:48
                                                                                                                execution_graph 71913 640f5dee 71914 640f5e11 71913->71914 71919 640f0900 71914->71919 71916 640f5e7a SetWindowLongW 71917 640f5e6c 71916->71917 71921 640f0915 71919->71921 71923 640f0937 71919->71923 71920 640f092d 71920->71923 71940 640f09a0 71920->71940 71921->71920 71927 640f3e60 71921->71927 71923->71916 71923->71917 71928 640f3e6c __EH_prolog3 71927->71928 71950 640e6615 CreateWindowExW SetWindowPos 71928->71950 71951 640e70f9 GetDlgItem 71928->71951 71929 640f3e73 SetWindowLongW 71989 640dff14 EnumChildWindows 71929->71989 71932 640f3eae GetParent SendMessageW 71934 640f3ecc GetParent GetDesktopWindow 71932->71934 71937 640f3ee4 ctype 71932->71937 71994 640de153 GetWindowLongW 71934->71994 71935 640f3ead 71935->71932 71937->71920 71941 640f09ad 71940->71941 71942 640f096e 71940->71942 71941->71942 72495 640f3ef9 71941->72495 71942->71923 71944 640f5cd1 71942->71944 71948 640f5cde 71944->71948 71945 640f5cea 71946 640f5d7b 71945->71946 71947 640f5d86 SendMessageW 71945->71947 71946->71923 71947->71946 71948->71945 71948->71946 71949 640f5d66 GetDlgItem 71948->71949 71949->71945 71950->71929 72014 640e671f 71951->72014 71953 640e7142 GetDlgItem 72057 640dedae 71953->72057 71956 640dedae 4 API calls 71957 640e7172 71956->71957 71958 640e717c ShowWindow 71957->71958 71959 640e7187 SetDlgItemTextW 71957->71959 71958->71959 72062 640dede8 71959->72062 71964 640dede8 8 API calls 71965 640e7201 71964->71965 72068 640e6abd GetDlgItem 71965->72068 71968 640e6abd 15 API calls 71969 640e722e 71968->71969 72077 640f09e0 71969->72077 72482 640dffce 71989->72482 71995 640de19f GetWindowRect 71994->71995 71996 640de182 71994->71996 71997 640de228 GetParent GetClientRect GetClientRect MapWindowPoints 71995->71997 71998 640de1b4 71995->71998 71999 640de189 GetParent 71996->71999 72000 640de193 GetWindow 71996->72000 72009 640de20f SetWindowPos 71997->72009 72002 640de1b8 GetWindowLongW 71998->72002 72003 640de1c4 MonitorFromWindow 71998->72003 72001 640de19d 71999->72001 72000->72001 72001->71995 72002->72003 72005 640de1eb GetMonitorInfoW 72003->72005 72006 640de1e4 72003->72006 72005->72006 72007 640de201 72005->72007 72010 640f87c1 _wcslwr_s_l_stat 5 API calls 72006->72010 72007->72009 72011 640de21b GetWindowRect 72007->72011 72009->72006 72012 640de2da 72010->72012 72011->72009 72012->71937 72013 640f8e26 66 API calls 2 library calls 72013->71935 72015 640e672b __EH_prolog3 72014->72015 72150 640e1e75 72015->72150 72017 640e6734 PathIsRelativeW 72018 640e675e 72017->72018 72019 640e674f _receive_impl 72017->72019 72155 640f83fd 72018->72155 72024 640e6928 72019->72024 72032 640e67a5 _receive_impl 72019->72032 72023 640e677d 72025 640ef21d 69 API calls 72023->72025 72192 640dc9bb 67 API calls 3 library calls 72024->72192 72027 640e6787 PathFileExistsW PathFileExistsW 72025->72027 72027->72019 72029 640e679b 72027->72029 72028 640e6932 72193 640dcb96 99 API calls 3 library calls 72028->72193 72181 640eea8d 99 API calls 3 library calls 72029->72181 72166 640f7f22 72032->72166 72035 640e694a _receive_impl 72194 640dd1b4 67 API calls 3 library calls 72035->72194 72037 640e68bd 72174 640e0b11 72037->72174 72038 640e68af 72191 640fdbdb RaiseException 72038->72191 72039 640ee8e8 ctype 108 API calls 72041 640e6833 72039->72041 72182 640ef143 72041->72182 72045 640e690d 72180 640f0324 SendMessageW 72045->72180 72046 640e6905 CloseHandle 72046->72045 72048 640e684a 72188 640dca39 108 API calls 3 library calls 72048->72188 72049 640e6916 72051 640e691b CloseHandle 72049->72051 72052 640e6920 ctype 72049->72052 72051->72052 72052->71953 72053 640e685b _receive_impl 72189 640dcac2 99 API calls 3 library calls 72053->72189 72055 640e6881 _receive_impl 72190 640dd170 67 API calls 3 library calls 72055->72190 72286 640f547b 72057->72286 72060 640dedcb GetDlgItem 72060->71956 72061 640dedc1 SetWindowTextW 72061->72060 72063 640dee0f 72062->72063 72064 640dee80 72063->72064 72065 640dee32 GetWindowPlacement MapDialogRect SetWindowPlacement 72063->72065 72292 640f87c1 72064->72292 72065->72064 72067 640dee8c SetDlgItemTextW 72067->71964 72069 640f547b 3 API calls 72068->72069 72070 640e6adb 72069->72070 72071 640e6af9 72070->72071 72072 640e6ae5 ShowWindow EnableWindow 72070->72072 72074 640dede8 8 API calls 72071->72074 72073 640e6b0e 72072->72073 72075 640e6b24 72073->72075 72076 640e6b15 SendMessageW 72073->72076 72074->72073 72075->71968 72076->72075 72301 641026ce 72077->72301 72079 640f09ec SendMessageW 72080 640ee8e8 ctype 108 API calls 72079->72080 72081 640f0a1f 72080->72081 72082 640ee8e8 ctype 108 API calls 72081->72082 72101 640f0a35 ctype 72082->72101 72083 640f0e39 _receive_impl 72302 64102722 72083->72302 72086 640f0cfc 72086->72083 72088 640f0d9f MapDialogRect 72086->72088 72087 640f0ae2 MapDialogRect 72087->72101 72311 640f91b7 72088->72311 72090 640f0db8 72091 640f0dbd 72090->72091 72323 640f4454 72091->72323 72096 640f0b63 ShowWindow SendMessageW 72105 640f0b20 _receive_impl 72096->72105 72098 640f0c20 LoadImageW 72100 640f0c3b 72098->72100 72098->72101 72308 640ef8de CreateWindowExW 72100->72308 72101->72086 72101->72087 72101->72098 72104 640f0c9a LoadImageW 72101->72104 72101->72105 72103 640f0c64 SendMessageW 72103->72101 72104->72101 72104->72105 72105->72101 72108 640f83fd std::bad_exception::bad_exception 67 API calls 72105->72108 72305 640f4782 110 API calls 72105->72305 72306 640ef8de CreateWindowExW 72105->72306 72307 640df589 70 API calls 3 library calls 72105->72307 72309 640ef8de CreateWindowExW 72105->72309 72310 640ef933 SendMessageW 72105->72310 72108->72105 72151 640e1e81 __EH_prolog3 72150->72151 72195 640dc419 72151->72195 72153 640e1e8a GetThreadLocale 72154 640e1ea6 ctype 72153->72154 72154->72017 72157 640f840a 72155->72157 72156 640f8437 72159 640f8923 _memcpy_s 66 API calls 72156->72159 72157->72156 72160 640e6768 72157->72160 72250 640f83ed RaiseException std::bad_exception::bad_exception 72157->72250 72159->72160 72161 640ef21d 72160->72161 72162 640ef22e ctype 72161->72162 72163 640f82d1 ctype 68 API calls 72162->72163 72164 640ef23d PathAppendW 72163->72164 72165 640ef251 72164->72165 72165->72023 72167 640f7f2f 72166->72167 72168 640f7f48 CreateFileW 72166->72168 72251 640f7e95 GetModuleHandleW GetProcAddress CreateFileW 72167->72251 72170 640f7f62 72168->72170 72172 640e681d 72170->72172 72252 640f7f08 GetLastError 72170->72252 72171 640f7f46 72171->72170 72172->72037 72172->72039 72175 640e0b1a 72174->72175 72253 640de2e1 72175->72253 72178 640e0b37 SendMessageW 72178->72045 72178->72046 72179 640e0b27 SetWindowLongW 72179->72178 72180->72049 72181->72032 72183 640ef14f __EH_prolog3 72182->72183 72257 640f8394 72183->72257 72185 640ef168 ctype 72261 640f38c5 72185->72261 72187 640ef18f ctype 72187->72048 72188->72053 72189->72055 72190->72038 72191->72037 72192->72028 72193->72035 72194->72038 72196 640dc425 __EH_prolog3 72195->72196 72197 640dc466 GetModuleFileNameW 72196->72197 72209 640f827a 72196->72209 72199 640dc47e 72197->72199 72201 640ee8e8 ctype 108 API calls 72199->72201 72202 640dc486 72201->72202 72205 640ef25e 72202->72205 72204 640dc491 _receive_impl ctype 72204->72153 72216 640f82d1 72205->72216 72208 640ef27f 72208->72204 72210 640f828b 72209->72210 72211 640f8293 72210->72211 72214 640f829c 72210->72214 72223 640f81de 72211->72223 72213 640dc463 72213->72197 72214->72213 72231 640f824b RaiseException std::bad_exception::bad_exception 72214->72231 72217 640f82dc 72216->72217 72218 640f82e6 72216->72218 72222 640f83ce RaiseException __CxxThrowException@8 std::bad_exception::bad_exception 72217->72222 72219 640ef26e PathRemoveFileSpecW 72218->72219 72221 640f827a ctype 68 API calls 72218->72221 72219->72208 72221->72219 72224 640f81fa 72223->72224 72232 64101dbe 72224->72232 72227 640f8210 72237 640f8923 72227->72237 72229 640f8229 _receive_impl 72229->72213 72231->72213 72234 64101ddd 72232->72234 72233 640f8205 72233->72227 72236 640f83ed RaiseException std::bad_exception::bad_exception 72233->72236 72234->72233 72246 64101c56 HeapAlloc 72234->72246 72238 640f8934 _memset 72237->72238 72241 640f8930 _memmove 72237->72241 72239 640f893a 72238->72239 72238->72241 72244 640f897f 72238->72244 72247 640fb570 66 API calls __getptd_noexit 72239->72247 72241->72229 72242 640f893f 72248 640fb514 11 API calls __wcsicoll 72242->72248 72244->72241 72249 640fb570 66 API calls __getptd_noexit 72244->72249 72246->72233 72247->72242 72248->72241 72249->72242 72251->72171 72252->72172 72254 640de2ef 72253->72254 72255 640de2fb GetCurrentProcess FlushInstructionCache 72253->72255 72254->72255 72256 640de329 72254->72256 72255->72256 72256->72178 72256->72179 72258 640f8398 72257->72258 72259 640f83a2 72257->72259 72270 640f83ce RaiseException __CxxThrowException@8 std::bad_exception::bad_exception 72258->72270 72259->72185 72262 640f82d1 ctype 68 API calls 72261->72262 72263 640f38df 72262->72263 72264 640f8923 _memcpy_s 66 API calls 72263->72264 72265 640f38f0 72264->72265 72266 640f8923 _memcpy_s 66 API calls 72265->72266 72267 640f3900 72266->72267 72271 640f830d 72267->72271 72272 640f8311 72271->72272 72274 640f390e 72272->72274 72285 640f83ce RaiseException __CxxThrowException@8 std::bad_exception::bad_exception 72272->72285 72274->72187 72287 640f5484 72286->72287 72288 640de2e1 2 API calls 72287->72288 72289 640f548c 72288->72289 72290 640f5494 SetWindowLongW 72289->72290 72291 640dedb8 72289->72291 72290->72291 72291->72060 72291->72061 72293 640f87cb IsDebuggerPresent 72292->72293 72294 640f87c9 72292->72294 72300 640ff0b7 72293->72300 72294->72067 72297 640faf10 SetUnhandledExceptionFilter UnhandledExceptionFilter 72298 640faf2d __call_reportfault 72297->72298 72299 640faf35 GetCurrentProcess TerminateProcess 72297->72299 72298->72299 72299->72067 72300->72297 72301->72079 72303 640f87c1 _wcslwr_s_l_stat 5 API calls 72302->72303 72304 6410272c 72303->72304 72304->72304 72305->72105 72306->72096 72307->72105 72308->72103 72309->72105 72310->72105 72314 640f91c1 72311->72314 72313 640f91db 72313->72090 72314->72313 72318 640f91dd std::exception::exception 72314->72318 72335 640f8fcb 72314->72335 72352 640fda46 _DecodePointerInternal 72314->72352 72316 640f921b 72354 640fdbb1 66 API calls std::exception::operator= 72316->72354 72318->72316 72353 640f8907 76 API calls __cinit 72318->72353 72319 640f9225 72355 640fdbdb RaiseException 72319->72355 72322 640f9236 72324 640f4466 72323->72324 72364 640f528b 72324->72364 72329 640f4800 72331 640f480b 72329->72331 72333 640f0d1a 72329->72333 72330 640f4822 72330->72333 72398 640f8eaa 72330->72398 72331->72330 72397 640f83ce RaiseException __CxxThrowException@8 std::bad_exception::bad_exception 72331->72397 72333->72083 72333->72086 72336 640f9048 72335->72336 72348 640f8fd9 72335->72348 72362 640fda46 _DecodePointerInternal 72336->72362 72338 640f904e 72363 640fb570 66 API calls __getptd_noexit 72338->72363 72341 640f9007 HeapAlloc 72341->72348 72351 640f9040 72341->72351 72343 640f9034 72360 640fb570 66 API calls __getptd_noexit 72343->72360 72347 640f8fe4 72347->72348 72356 640fd9f4 66 API calls 2 library calls 72347->72356 72357 640fd840 66 API calls 7 library calls 72347->72357 72358 640fa044 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 72347->72358 72348->72341 72348->72343 72348->72347 72349 640f9032 72348->72349 72359 640fda46 _DecodePointerInternal 72348->72359 72361 640fb570 66 API calls __getptd_noexit 72349->72361 72351->72314 72352->72314 72353->72316 72354->72319 72355->72322 72356->72347 72357->72347 72359->72348 72360->72349 72361->72351 72362->72338 72363->72351 72365 640f52a2 72364->72365 72366 640f4481 72364->72366 72365->72366 72367 640f52b1 EnterCriticalSection 72365->72367 72382 640f63d4 72366->72382 72368 640f53da LeaveCriticalSection 72367->72368 72369 640f52c7 72367->72369 72368->72366 72370 640f533f LoadCursorW 72369->72370 72371 640f52ce GetClassInfoExW 72369->72371 72372 640f531e 72370->72372 72371->72372 72373 640f52f7 GetClassInfoExW 72371->72373 72375 640f5387 GetClassInfoExW 72372->72375 72391 640f9136 97 API calls swprintf 72372->72391 72373->72372 72374 640f530c LeaveCriticalSection 72373->72374 72374->72366 72375->72368 72376 640f53ae RegisterClassExW 72375->72376 72378 640f53cf 72376->72378 72379 640f53c1 72376->72379 72378->72368 72392 640ee876 71 API calls 2 library calls 72379->72392 72380 640f5381 72380->72375 72383 640de2e1 2 API calls 72382->72383 72384 640f63e9 72383->72384 72385 640f63ed SetLastError 72384->72385 72386 640f63f9 72384->72386 72387 640f0e00 SendMessageW ShowWindow 72385->72387 72386->72387 72393 640f7dd2 72386->72393 72387->72329 72390 640f6408 CreateWindowExW 72390->72387 72391->72380 72392->72378 72394 640f7e09 RaiseException 72393->72394 72395 640f7dd6 72393->72395 72395->72394 72396 640f7dda GetCurrentThreadId EnterCriticalSection LeaveCriticalSection 72395->72396 72396->72390 72399 640f8eb9 72398->72399 72400 640f8ed4 72398->72400 72399->72400 72401 640f8ec5 72399->72401 72402 640f8ee9 72400->72402 72408 640faf4e 67 API calls __wcsicoll 72400->72408 72407 640fb570 66 API calls __getptd_noexit 72401->72407 72409 640fd763 72402->72409 72406 640f8eca _memset 72406->72333 72407->72406 72408->72402 72410 640fd76e 72409->72410 72411 640fd779 72409->72411 72412 640f8fcb _malloc 66 API calls 72410->72412 72413 640fd781 72411->72413 72420 640fd78e 72411->72420 72414 640fd776 72412->72414 72430 640f8e26 66 API calls 2 library calls 72413->72430 72414->72406 72416 640fd7c6 72432 640fda46 _DecodePointerInternal 72416->72432 72418 640fd796 HeapReAlloc 72418->72420 72429 640fd789 __dosmaperr 72418->72429 72419 640fd7cc 72433 640fb570 66 API calls __getptd_noexit 72419->72433 72420->72416 72420->72418 72422 640fd7f6 72420->72422 72426 640fd7de 72420->72426 72431 640fda46 _DecodePointerInternal 72420->72431 72435 640fb570 66 API calls __getptd_noexit 72422->72435 72425 640fd7fb GetLastError 72425->72429 72434 640fb570 66 API calls __getptd_noexit 72426->72434 72428 640fd7e3 GetLastError 72428->72429 72429->72406 72430->72429 72431->72420 72432->72419 72433->72429 72434->72428 72435->72425 72483 640dffe9 72482->72483 72484 640dff2d 72482->72484 72483->72484 72493 640f83ce RaiseException __CxxThrowException@8 std::bad_exception::bad_exception 72483->72493 72487 640e007b 72484->72487 72488 640e0096 SetWindowPos 72487->72488 72491 640e008c 72487->72491 72490 640dff32 72488->72490 72488->72491 72490->71932 72490->72013 72492 640e00d1 SetWindowPos 72491->72492 72494 640f83ce RaiseException __CxxThrowException@8 std::bad_exception::bad_exception 72491->72494 72492->72490 72492->72491 72496 640f3f1e 72495->72496 72497 640f3f0b GetParent 72495->72497 72498 640f3f45 72496->72498 72499 640f3f35 72496->72499 72500 640f3f51 72496->72500 72503 640f3f16 72496->72503 72497->72496 72497->72503 72538 640f4870 131 API calls 3 library calls 72498->72538 72507 640e757c 72499->72507 72500->72503 72504 640f3f61 72500->72504 72503->71942 72539 640dfed9 SendMessageW 72504->72539 72506 640f3f7b 72506->72503 72508 640e7588 __EH_prolog3 72507->72508 72509 640e759c 72508->72509 72510 640e7597 72508->72510 72512 640e7624 72509->72512 72513 640ee8e8 ctype 108 API calls 72509->72513 72578 640e12ab 6 API calls ctype 72510->72578 72518 640e7679 GetParent 72512->72518 72519 640e764a GetParent SendMessageW 72512->72519 72514 640e75b9 72513->72514 72579 640dc9bb 67 API calls 3 library calls 72514->72579 72516 640e75ca _receive_impl 72580 640dc9f6 67 API calls std::bad_exception::bad_exception 72516->72580 72540 640df415 72518->72540 72524 640e775b ctype 72519->72524 72524->72503 72526 640e75e5 _receive_impl 72581 640dd1b4 67 API calls 3 library calls 72526->72581 72528 640f83fd std::bad_exception::bad_exception 67 API calls 72530 640e76bc 72528->72530 72529 640e7616 72582 640fdbdb RaiseException 72529->72582 72532 640f83fd std::bad_exception::bad_exception 67 API calls 72530->72532 72533 640e76e3 72532->72533 72566 640efb4f 72533->72566 72535 640e76f3 SendMessageW 72536 640e7726 SetWindowLongW GetParent SetWindowTextW PostMessageW 72535->72536 72537 640e7716 KiUserCallbackDispatcher 72535->72537 72536->72524 72537->72536 72538->72503 72539->72506 72541 640df426 72540->72541 72583 640df24c GetDlgItem 72541->72583 72543 640df432 72544 640df24c 5 API calls 72543->72544 72545 640df447 72544->72545 72546 640df24c 5 API calls 72545->72546 72547 640df45c 72546->72547 72548 640df24c 5 API calls 72547->72548 72549 640df471 GetDlgItem GetWindowLongW 72548->72549 72550 640df494 72549->72550 72551 640df49f 72550->72551 72552 640df4b1 72550->72552 72553 640df4ca 72551->72553 72554 640df4a3 72551->72554 72552->72553 72555 640df4b5 72552->72555 72560 640e77a9 72553->72560 72590 640df527 7 API calls _wcslwr_s_l_stat 72554->72590 72591 640df527 7 API calls _wcslwr_s_l_stat 72555->72591 72558 640df4ad SetWindowLongW 72558->72553 72561 640e77b4 SendMessageW 72560->72561 72563 640e77da 72561->72563 72592 640de389 GetParent PostMessageW 72563->72592 72565 640e76a1 72565->72528 72593 6410265b 72566->72593 72568 640efb5b GetParent SendMessageW 72569 640efb8a 72568->72569 72570 640efb95 72568->72570 72594 640eea8d 99 API calls 3 library calls 72569->72594 72572 640efba9 72570->72572 72595 640eea8d 99 API calls 3 library calls 72570->72595 72574 640efbc7 72572->72574 72575 640efbb2 GetParent SendMessageW 72572->72575 72576 640efbd0 GetParent SendMessageW 72574->72576 72577 640efbe5 _receive_impl ctype 72574->72577 72575->72574 72576->72577 72577->72535 72578->72509 72579->72516 72580->72526 72581->72529 72582->72512 72584 640df266 72583->72584 72585 640df2a2 ShowWindow 72584->72585 72587 640df26a SetWindowTextW ShowWindow 72584->72587 72586 640df2ad KiUserCallbackDispatcher 72585->72586 72586->72543 72589 640df29c 72587->72589 72589->72586 72590->72558 72591->72558 72592->72565 72593->72568 72594->72570 72595->72572 72596 640e698a 72597 640e6996 72596->72597 72601 640e69c2 72596->72601 72598 640e699c ReadFile 72597->72598 72597->72601 72599 640e69bd 72598->72599 72598->72601 72602 640f7f08 GetLastError 72599->72602 72602->72601 72603 640dff39 GetWindowPlacement 72604 640dff9d 72603->72604 72605 640dff87 72603->72605 72607 640f87c1 _wcslwr_s_l_stat 5 API calls 72604->72607 72611 640f76ee 67 API calls 2 library calls 72605->72611 72609 640dffc5 72607->72609 72608 640dff8f 72608->72604 72612 640f83ce RaiseException __CxxThrowException@8 std::bad_exception::bad_exception 72608->72612 72611->72608 72613 640ebc2b 72614 640ebc36 72613->72614 72615 640ebc3b 72613->72615 72652 640de7d4 GetThreadLocale GetThreadLocale 72614->72652 72618 640ebc51 72615->72618 72627 640f7d78 EnterCriticalSection 72615->72627 72619 640ebc6f 72620 640de2e1 2 API calls 72619->72620 72621 640ebc84 72620->72621 72622 640ebc88 SetWindowLongW 72621->72622 72623 640ebc9b 72621->72623 72622->72623 72631 640f42e3 72623->72631 72628 640f7d95 GetCurrentThreadId 72627->72628 72629 640f7dc0 LeaveCriticalSection 72627->72629 72630 640f7d9d 72628->72630 72629->72619 72630->72629 72632 640ebca6 72631->72632 72633 640f42f5 72631->72633 72635 640ebcbb 72632->72635 72653 640f8e26 66 API calls 2 library calls 72633->72653 72636 640ebcc7 __EH_prolog3 72635->72636 72654 640f1dcd 72636->72654 72652->72615 72653->72632 72665 6410265b 72654->72665 72656 640f1dd9 GetCommandLineW 72666 640dbe03 72656->72666 72658 640f1dea 72742 640db9a7 72658->72742 72660 640f1dfe 72772 640dc137 72660->72772 72665->72656 72667 640dbe0f __EH_prolog3 72666->72667 72668 640ee8e8 ctype 108 API calls 72667->72668 72669 640dbe2a 72668->72669 72670 640dc11a _receive_impl ctype 72669->72670 72671 640ee8e8 ctype 108 API calls 72669->72671 72670->72658 72672 640dbe55 72671->72672 72673 640ef35e 71 API calls 72672->72673 72674 640dbe61 _receive_impl 72673->72674 72675 640ee8e8 ctype 108 API calls 72674->72675 72676 640dbe7e 72675->72676 72677 640ef35e 71 API calls 72676->72677 72678 640dbe8a _receive_impl 72677->72678 72679 640ee8e8 ctype 108 API calls 72678->72679 72680 640dbea7 72679->72680 72681 640ef35e 71 API calls 72680->72681 72682 640dbeb3 _receive_impl 72681->72682 72683 640ee8e8 ctype 108 API calls 72682->72683 72684 640dbed0 72683->72684 72685 640ef35e 71 API calls 72684->72685 72686 640dbedc _receive_impl 72685->72686 72687 640ee8e8 ctype 108 API calls 72686->72687 72688 640dbef9 72687->72688 72689 640ef35e 71 API calls 72688->72689 72690 640dbf05 _receive_impl 72689->72690 72691 640ee8e8 ctype 108 API calls 72690->72691 72692 640dbf22 72691->72692 72693 640ef35e 71 API calls 72692->72693 72694 640dbf2e _receive_impl 72693->72694 72695 640ee8e8 ctype 108 API calls 72694->72695 72696 640dbf4b 72695->72696 72697 640ef35e 71 API calls 72696->72697 72698 640dbf57 _receive_impl 72697->72698 72699 640ee8e8 ctype 108 API calls 72698->72699 72700 640dbf74 72699->72700 72701 640ef35e 71 API calls 72700->72701 72702 640dbf80 _receive_impl 72701->72702 72703 640ee8e8 ctype 108 API calls 72702->72703 72704 640dbf9d 72703->72704 72705 640ef35e 71 API calls 72704->72705 72706 640dbfa9 _receive_impl 72705->72706 72707 640ee8e8 ctype 108 API calls 72706->72707 72708 640dbfc6 72707->72708 72709 640ef35e 71 API calls 72708->72709 72710 640dbfd2 _receive_impl 72709->72710 72711 640ee8e8 ctype 108 API calls 72710->72711 72712 640dbfef 72711->72712 72713 640ef35e 71 API calls 72712->72713 72714 640dbffb _receive_impl 72713->72714 72715 640ee8e8 ctype 108 API calls 72714->72715 72716 640dc018 72715->72716 72717 640ef35e 71 API calls 72716->72717 72718 640dc024 _receive_impl 72717->72718 72719 640ee8e8 ctype 108 API calls 72718->72719 72720 640dc041 72719->72720 72721 640ef35e 71 API calls 72720->72721 72722 640dc04d _receive_impl 72721->72722 72723 640ee8e8 ctype 108 API calls 72722->72723 72724 640dc06a 72723->72724 72725 640ef35e 71 API calls 72724->72725 72726 640dc076 _receive_impl 72725->72726 72727 640ee8e8 ctype 108 API calls 72726->72727 72728 640dc093 72727->72728 72729 640ef35e 71 API calls 72728->72729 72730 640dc09f _receive_impl 72729->72730 72731 640ee8e8 ctype 108 API calls 72730->72731 72732 640dc0bc 72731->72732 72733 640ef35e 71 API calls 72732->72733 72734 640dc0c8 _receive_impl 72733->72734 72735 640ee8e8 ctype 108 API calls 72734->72735 72736 640dc0e5 72735->72736 72737 640ef35e 71 API calls 72736->72737 72738 640dc0f1 _receive_impl 72737->72738 72739 640ee8e8 ctype 108 API calls 72738->72739 72740 640dc10e 72739->72740 72741 640ef35e 71 API calls 72740->72741 72741->72670 72743 640db9b3 __EH_prolog3 72742->72743 72744 640ee8e8 ctype 108 API calls 72743->72744 72745 640db9c6 72744->72745 72775 640eed56 72745->72775 72748 640f83fd std::bad_exception::bad_exception 67 API calls 72749 640db9e0 72748->72749 72750 640eed56 100 API calls 72749->72750 72751 640db9f2 72750->72751 72752 640ef143 99 API calls 72751->72752 72753 640dba03 72752->72753 72754 640ef0e8 99 API calls 72753->72754 72755 640dba1f 72754->72755 72756 640ef143 99 API calls 72755->72756 72759 640dba66 _receive_impl 72755->72759 72757 640dba4c 72756->72757 72758 640ef0e8 99 API calls 72757->72758 72758->72759 72760 640ef143 99 API calls 72759->72760 72769 640dbae2 _receive_impl ctype 72759->72769 72761 640dbafb 72760->72761 72782 640eef06 67 API calls std::bad_exception::bad_exception 72761->72782 72763 640dbb1c 72783 640eeb0a 72763->72783 72766 640ef143 99 API calls 72767 640dbb46 72766->72767 72787 640eef06 67 API calls std::bad_exception::bad_exception 72767->72787 72769->72660 72770 640dbb6a 72771 640eeb0a RaiseException 72770->72771 72771->72769 72852 640ef3ec 66 API calls 2 library calls 72772->72852 72774 640dc14b 72776 640f82d1 ctype 68 API calls 72775->72776 72777 640eed67 72776->72777 72788 640f9980 72777->72788 72780 640f830d ctype 99 API calls 72781 640db9d2 72780->72781 72781->72748 72782->72763 72784 640eeb13 72783->72784 72786 640dbb31 72783->72786 72851 640f83ce RaiseException __CxxThrowException@8 std::bad_exception::bad_exception 72784->72851 72786->72766 72786->72769 72787->72770 72791 640f9948 72788->72791 72796 640f929f 72791->72796 72797 640f92b2 72796->72797 72803 640f92ff 72796->72803 72837 640f9be0 66 API calls 2 library calls 72797->72837 72799 640f92b7 72800 640f92df 72799->72800 72838 640fe60f 74 API calls 6 library calls 72799->72838 72800->72803 72839 640fde5e 68 API calls 6 library calls 72800->72839 72804 640f97d3 72803->72804 72805 640f97ef 72804->72805 72806 640f9803 _wcsnlen 72804->72806 72840 640fb570 66 API calls __getptd_noexit 72805->72840 72806->72805 72809 640f981a 72806->72809 72808 640f97f4 72841 640fb514 11 API calls __wcsicoll 72808->72841 72814 640f97fe 72809->72814 72842 640fe68d LCMapStringW _wcsnlen 72809->72842 72812 640f9860 72815 640f986c 72812->72815 72816 640f9883 72812->72816 72813 640f87c1 _wcslwr_s_l_stat 5 API calls 72818 640eed71 72813->72818 72814->72813 72843 640fb570 66 API calls __getptd_noexit 72815->72843 72817 640f9888 72816->72817 72826 640f9899 72816->72826 72845 640fb570 66 API calls __getptd_noexit 72817->72845 72818->72780 72821 640f9871 72844 640fb570 66 API calls __getptd_noexit 72821->72844 72822 640f98e4 72846 640fb570 66 API calls __getptd_noexit 72822->72846 72823 640f98f1 72847 640fe68d LCMapStringW _wcsnlen 72823->72847 72829 640f98b4 _wcslwr_s_l_stat 72826->72829 72830 640f8fcb _malloc 66 API calls 72826->72830 72828 640f9904 72831 640f991c 72828->72831 72832 640f990b 72828->72832 72829->72822 72829->72823 72830->72829 72849 640fb570 66 API calls __getptd_noexit 72831->72849 72848 640f8d93 66 API calls __wcsicoll 72832->72848 72835 640f9915 72850 640f927a 66 API calls __freea 72835->72850 72837->72799 72838->72800 72839->72803 72840->72808 72841->72814 72842->72812 72843->72821 72844->72814 72845->72808 72846->72821 72847->72828 72848->72835 72849->72835 72850->72814 72852->72774 72853 640f8789 72854 640f8799 72853->72854 72855 640f8794 72853->72855 72859 640f868e 72854->72859 72867 640fada3 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 72855->72867 72858 640f87a7 72860 640f869a ___BuildCatchObjectHelper 72859->72860 72863 640f86e7 ___DllMainCRTStartup 72860->72863 72865 640f8737 ___BuildCatchObjectHelper 72860->72865 72868 640f8525 72860->72868 72862 640f8717 72864 640f8525 __CRT_INIT@12 149 API calls 72862->72864 72862->72865 72863->72862 72863->72865 72866 640f8525 __CRT_INIT@12 149 API calls 72863->72866 72864->72865 72865->72858 72866->72862 72867->72854 72869 640f8531 ___BuildCatchObjectHelper 72868->72869 72870 640f8539 72869->72870 72871 640f85b3 72869->72871 72920 640fa9e5 HeapCreate 72870->72920 72873 640f85b9 72871->72873 72874 640f8614 72871->72874 72880 640f85d7 72873->72880 72887 640f8542 ___BuildCatchObjectHelper 72873->72887 72930 640fa2da 66 API calls _doexit 72873->72930 72875 640f8619 72874->72875 72876 640f8672 72874->72876 72935 640f9a2e TlsGetValue _DecodePointerInternal TlsSetValue 72875->72935 72876->72887 72939 640f9d33 79 API calls __freefls@4 72876->72939 72877 640f853e 72879 640f8549 72877->72879 72877->72887 72921 640f9da6 86 API calls 4 library calls 72879->72921 72881 640f85eb 72880->72881 72931 640fa55b 67 API calls __freea 72880->72931 72934 640f85fe 70 API calls __mtterm 72881->72934 72883 640f861e 72936 640f9f70 66 API calls _calloc 72883->72936 72886 640f854e __RTC_Initialize 72891 640f8552 72886->72891 72899 640f855e GetCommandLineA 72886->72899 72887->72863 72922 640faa08 HeapDestroy 72891->72922 72892 640f85e1 72932 640f9a67 70 API calls __freea 72892->72932 72893 640f862a 72893->72887 72894 640f8636 _DecodePointerInternal 72893->72894 72900 640f864b 72894->72900 72897 640f8557 72897->72887 72898 640f85e6 72933 640faa08 HeapDestroy 72898->72933 72923 640fa8f3 71 API calls 2 library calls 72899->72923 72903 640f864f 72900->72903 72904 640f8666 72900->72904 72937 640f9aa9 66 API calls 4 library calls 72903->72937 72938 640f8e26 66 API calls 2 library calls 72904->72938 72905 640f856e 72924 640fa311 73 API calls __calloc_crt 72905->72924 72909 640f8656 GetCurrentThreadId 72909->72887 72910 640f8578 72911 640f857c 72910->72911 72926 640fa833 95 API calls 3 library calls 72910->72926 72925 640f9a67 70 API calls __freea 72911->72925 72914 640f8588 72915 640f859c 72914->72915 72927 640fa5b3 94 API calls 6 library calls 72914->72927 72915->72897 72929 640fa55b 67 API calls __freea 72915->72929 72918 640f8591 72918->72915 72928 640fa0de 77 API calls 4 library calls 72918->72928 72920->72877 72921->72886 72922->72897 72923->72905 72924->72910 72925->72891 72926->72914 72927->72918 72928->72915 72929->72911 72930->72880 72931->72892 72932->72898 72933->72881 72934->72887 72935->72883 72936->72893 72937->72909 72938->72897 72939->72887 72940 640edf19 72947 640eca5a 72940->72947 72944 640edf6c GetExitCodeThread CloseHandle 72953 640ecb21 74 API calls 4 library calls 72944->72953 72946 640edf9b 72954 640e09a7 LoadLibraryW 72947->72954 72949 640eca98 72955 640e65d7 InitCommonControlsEx 72949->72955 72951 640ecb14 CreateThread 72952 640f03f5 MsgWaitForMultipleObjects PeekMessageW TranslateMessage DispatchMessageW PeekMessageW 72951->72952 72956 640edfab 8 API calls 72951->72956 72952->72944 72953->72946 72954->72949 72955->72951 72957 640e0f16 72978 640f7acf 74 API calls 2 library calls 72957->72978 72959 640e0f75 72979 640e0eca SendMessageW 72959->72979 72961 640e0f7f 72962 640ee8e8 ctype 108 API calls 72961->72962 72963 640e0f8e 72962->72963 72972 640f0389 72963->72972 72966 640e0fc5 _receive_impl 72981 640f7c57 CloseHandle DeleteFileW CloseHandle 72966->72981 72969 640e0fda 72970 640f87c1 _wcslwr_s_l_stat 5 API calls 72969->72970 72971 640e0ffa 72970->72971 72973 640f03b9 _memset 72972->72973 72973->72973 72982 640f3bc0 72973->72982 72976 640f87c1 _wcslwr_s_l_stat 5 API calls 72977 640e0fae 72976->72977 72977->72966 72980 640f7bec 6 API calls 72977->72980 72978->72959 72979->72961 72980->72966 72981->72969 73009 641026ce 72982->73009 72984 640f3bcf GetCurrentDirectoryW 73010 640ef6de 72984->73010 72987 640f7dd2 4 API calls 72988 640f3c34 72987->72988 72989 640f3c4c GetSaveFileNameW 72988->72989 72990 640f3c44 GetOpenFileNameW 72988->72990 72991 640f3c52 72989->72991 72990->72991 72992 640f3c6c SetCurrentDirectoryW 72991->72992 72993 640f3c79 72991->72993 72992->72993 72994 640f3c7e 72993->72994 72995 640f3c9d 72993->72995 73007 640f3c96 72994->73007 73020 6410216c GetProcessHeap HeapFree InterlockedPushEntrySList ctype 72994->73020 73001 640f3cb5 72995->73001 73021 640f83ed RaiseException std::bad_exception::bad_exception 72995->73021 72997 64102722 5 API calls 72998 640f03e4 72997->72998 72998->72976 73000 640f3ccd 73003 640f8923 _memcpy_s 66 API calls 73000->73003 73001->73000 73022 640f83ce RaiseException __CxxThrowException@8 std::bad_exception::bad_exception 73001->73022 73004 640f3ced 73003->73004 73023 640eea8d 99 API calls 3 library calls 73004->73023 73006 640f3d01 _receive_impl 73006->73007 73024 6410216c GetProcessHeap HeapFree InterlockedPushEntrySList ctype 73006->73024 73007->72997 73009->72984 73011 640ef6ed _memset __EH_prolog3_GS 73010->73011 73012 640ef746 GetVersionExW 73011->73012 73013 640ef764 73012->73013 73014 640ef7e5 73013->73014 73025 640f9064 66 API calls __wcsicoll 73013->73025 73016 64102722 5 API calls 73014->73016 73018 640ef7ec 73016->73018 73017 640ef7dd 73026 640f7e20 RaiseException std::bad_exception::bad_exception 73017->73026 73018->72987 73020->73007 73023->73006 73024->73007 73025->73017 73026->73014 73027 6cc5830c 73034 6cc5f821 73027->73034 73090 6cc576a7 73034->73090 73091 6cc576b3 __EH_prolog3 73090->73091 73124 6cc7c0aa 73091->73124 73094 6cc57716 73144 6cc277af RegOpenKeyExW 73094->73144 73098 6cc7c0aa ctype 77 API calls 73099 6cc5772f GetModuleHandleW 73098->73099 73101 6cc57752 GetProcAddress 73099->73101 73102 6cc5776f SetUnhandledExceptionFilter GetCommandLineW 73099->73102 73101->73102 73103 6cc57769 SetThreadStackGuarantee 73101->73103 73152 6cc23e77 73102->73152 73103->73102 73105 6cc5778a 73264 6cc69293 GetCommandLineW 73105->73264 73111 6cc577c5 73332 6cc241d6 73111->73332 73126 6cc7c0b4 73124->73126 73127 6cc57704 73126->73127 73131 6cc7c0d0 std::exception::exception 73126->73131 73340 6cc7bfb3 73126->73340 73357 6cc81247 _DecodePointerInternal 73126->73357 73127->73094 73136 6cc27c6e 73127->73136 73129 6cc7c10e 73359 6cc813ee 66 API calls std::exception::operator= 73129->73359 73131->73129 73358 6cc7b1d7 76 API calls __cinit 73131->73358 73132 6cc7c118 73360 6cc814aa 73132->73360 73135 6cc7c129 73137 6cc27c7a __EH_prolog3 73136->73137 73371 6cc78e54 73137->73371 73140 6cc78e54 ctype KiUserExceptionDispatcher 73141 6cc27cba 73140->73141 73375 6cc27ce8 73141->73375 73143 6cc27cd9 ctype 73143->73094 73145 6cc277f2 RegCreateKeyExW 73144->73145 73146 6cc2785b RegCloseKey 73144->73146 73145->73146 73147 6cc2780f 73145->73147 73148 6cc7b091 ___crtMessageBoxW 5 API calls 73146->73148 73620 6cc2787b 73147->73620 73149 6cc27874 73148->73149 73149->73098 73151 6cc2781a RegSetValueExW RegSetValueExW 73151->73146 73153 6cc23e83 __EH_prolog3 73152->73153 73154 6cc5833e ctype 109 API calls 73153->73154 73155 6cc23e9f 73154->73155 73156 6cc2419a ctype 73155->73156 73157 6cc5833e ctype 109 API calls 73155->73157 73156->73105 73158 6cc23eca 73157->73158 73696 6cc59067 71 API calls 4 library calls 73158->73696 73160 6cc23ed6 73161 6cc78f0e ctype RtlFreeHeap 73160->73161 73162 6cc23ee5 73161->73162 73163 6cc5833e ctype 109 API calls 73162->73163 73164 6cc23ef3 73163->73164 73697 6cc59067 71 API calls 4 library calls 73164->73697 73166 6cc23eff 73167 6cc78f0e ctype RtlFreeHeap 73166->73167 73168 6cc23f0e 73167->73168 73169 6cc5833e ctype 109 API calls 73168->73169 73170 6cc23f1c 73169->73170 73698 6cc59067 71 API calls 4 library calls 73170->73698 73172 6cc23f28 73173 6cc78f0e ctype RtlFreeHeap 73172->73173 73174 6cc23f37 73173->73174 73175 6cc5833e ctype 109 API calls 73174->73175 73176 6cc23f45 73175->73176 73699 6cc59067 71 API calls 4 library calls 73176->73699 73178 6cc23f51 73179 6cc78f0e ctype RtlFreeHeap 73178->73179 73180 6cc23f60 73179->73180 73181 6cc5833e ctype 109 API calls 73180->73181 73182 6cc23f6e 73181->73182 73700 6cc59067 71 API calls 4 library calls 73182->73700 73184 6cc23f7a 73185 6cc78f0e ctype RtlFreeHeap 73184->73185 73186 6cc23f89 73185->73186 73187 6cc5833e ctype 109 API calls 73186->73187 73188 6cc23f97 73187->73188 73701 6cc59067 71 API calls 4 library calls 73188->73701 73190 6cc23fa3 73191 6cc78f0e ctype RtlFreeHeap 73190->73191 73192 6cc23fb2 73191->73192 73193 6cc5833e ctype 109 API calls 73192->73193 73194 6cc23fc0 73193->73194 73702 6cc59067 71 API calls 4 library calls 73194->73702 73196 6cc23fcc 73197 6cc78f0e ctype RtlFreeHeap 73196->73197 73198 6cc23fdb 73197->73198 73199 6cc5833e ctype 109 API calls 73198->73199 73200 6cc23fe9 73199->73200 73703 6cc59067 71 API calls 4 library calls 73200->73703 73202 6cc23ff5 73203 6cc78f0e ctype RtlFreeHeap 73202->73203 73204 6cc24004 73203->73204 73205 6cc5833e ctype 109 API calls 73204->73205 73206 6cc24012 73205->73206 73704 6cc59067 71 API calls 4 library calls 73206->73704 73208 6cc2401e 73209 6cc78f0e ctype RtlFreeHeap 73208->73209 73210 6cc2402d 73209->73210 73211 6cc5833e ctype 109 API calls 73210->73211 73212 6cc2403b 73211->73212 73705 6cc59067 71 API calls 4 library calls 73212->73705 73214 6cc24047 73215 6cc78f0e ctype RtlFreeHeap 73214->73215 73216 6cc24056 73215->73216 73217 6cc5833e ctype 109 API calls 73216->73217 73218 6cc24064 73217->73218 73706 6cc59067 71 API calls 4 library calls 73218->73706 73220 6cc24070 73221 6cc78f0e ctype RtlFreeHeap 73220->73221 73222 6cc2407f 73221->73222 73223 6cc5833e ctype 109 API calls 73222->73223 73224 6cc2408d 73223->73224 73707 6cc59067 71 API calls 4 library calls 73224->73707 73226 6cc24099 73227 6cc78f0e ctype RtlFreeHeap 73226->73227 73228 6cc240a8 73227->73228 73229 6cc5833e ctype 109 API calls 73228->73229 73230 6cc240b6 73229->73230 73708 6cc59067 71 API calls 4 library calls 73230->73708 73232 6cc240c2 73233 6cc78f0e ctype RtlFreeHeap 73232->73233 73234 6cc240d1 73233->73234 73235 6cc5833e ctype 109 API calls 73234->73235 73236 6cc240df 73235->73236 73709 6cc59067 71 API calls 4 library calls 73236->73709 73238 6cc240eb 73239 6cc78f0e ctype RtlFreeHeap 73238->73239 73240 6cc240fa 73239->73240 73241 6cc5833e ctype 109 API calls 73240->73241 73242 6cc24108 73241->73242 73710 6cc59067 71 API calls 4 library calls 73242->73710 73244 6cc24114 73245 6cc78f0e ctype RtlFreeHeap 73244->73245 73246 6cc24123 73245->73246 73247 6cc5833e ctype 109 API calls 73246->73247 73248 6cc24131 73247->73248 73711 6cc59067 71 API calls 4 library calls 73248->73711 73250 6cc2413d 73251 6cc78f0e ctype RtlFreeHeap 73250->73251 73252 6cc2414c 73251->73252 73253 6cc5833e ctype 109 API calls 73252->73253 73254 6cc2415a 73253->73254 73712 6cc59067 71 API calls 4 library calls 73254->73712 73256 6cc24166 73257 6cc78f0e ctype RtlFreeHeap 73256->73257 73258 6cc24175 73257->73258 73259 6cc5833e ctype 109 API calls 73258->73259 73260 6cc24183 73259->73260 73713 6cc59067 71 API calls 4 library calls 73260->73713 73262 6cc2418f 73263 6cc78f0e ctype RtlFreeHeap 73262->73263 73263->73156 73265 6cc23e77 ctype 113 API calls 73264->73265 73266 6cc692d0 73265->73266 73714 6cc24486 73266->73714 73269 6cc78f0e ctype RtlFreeHeap 73270 6cc692f4 73269->73270 73271 6cc692f8 73270->73271 73717 6cc2423c 110 API calls ctype 73270->73717 73274 6cc241a9 ctype 67 API calls 73271->73274 73273 6cc69320 73273->73271 73276 6cc23a16 ctype 110 API calls 73273->73276 73275 6cc57793 73274->73275 73277 6cc2420c 73275->73277 73276->73271 73278 6cc241d6 110 API calls 73277->73278 73279 6cc24216 73278->73279 73280 6cc2422a 73279->73280 73281 6cc23a16 ctype 110 API calls 73279->73281 73282 6cc23a16 73280->73282 73281->73280 73283 6cc23a22 __EH_prolog3 73282->73283 73284 6cc5833e ctype 109 API calls 73283->73284 73285 6cc23a36 73284->73285 73798 6cc588d1 73285->73798 73288 6cc78eab std::bad_exception::bad_exception 67 API calls 73289 6cc23a50 73288->73289 73290 6cc588d1 ctype 101 API calls 73289->73290 73291 6cc23a62 73290->73291 73805 6cc58cd5 73291->73805 73293 6cc23a73 73811 6cc58c7a 73293->73811 73295 6cc23a8f ctype 73296 6cc58cd5 ctype 100 API calls 73295->73296 73302 6cc23ad6 ctype 73295->73302 73297 6cc23abc 73296->73297 73299 6cc58c7a ctype 100 API calls 73297->73299 73298 6cc23b0c 73301 6cc23b1f 73298->73301 73303 6cc78f0e ctype RtlFreeHeap 73298->73303 73299->73302 73300 6cc78f0e ctype RtlFreeHeap 73300->73298 73304 6cc23b32 73301->73304 73305 6cc78f0e ctype RtlFreeHeap 73301->73305 73302->73298 73302->73300 73303->73301 73306 6cc23b4c 73304->73306 73307 6cc78f0e ctype RtlFreeHeap 73304->73307 73305->73304 73308 6cc58cd5 ctype 100 API calls 73306->73308 73310 6cc23b52 73306->73310 73307->73306 73309 6cc23b6b 73308->73309 73817 6cc58a98 73309->73817 73312 6cc78f0e ctype RtlFreeHeap 73310->73312 73314 6cc23c74 73312->73314 73316 6cc78f0e ctype RtlFreeHeap 73314->73316 73318 6cc23c7f ctype 73316->73318 73318->73111 73319 6cc23bf2 73321 6cc23c13 73319->73321 73323 6cc78f0e ctype RtlFreeHeap 73319->73323 73320 6cc58cd5 ctype 100 API calls 73322 6cc23bb6 73320->73322 73324 6cc23c26 73321->73324 73326 6cc78f0e ctype RtlFreeHeap 73321->73326 73325 6cc58a98 ctype 67 API calls 73322->73325 73323->73321 73327 6cc23c39 73324->73327 73329 6cc78f0e ctype RtlFreeHeap 73324->73329 73328 6cc23bda 73325->73328 73326->73324 73327->73310 73331 6cc78f0e ctype RtlFreeHeap 73327->73331 73330 6cc585bc ctype KiUserExceptionDispatcher 73328->73330 73329->73327 73330->73319 73331->73310 73333 6cc23a16 ctype 110 API calls 73332->73333 73334 6cc241e9 73333->73334 73335 6cc23a16 ctype 110 API calls 73334->73335 73336 6cc241fa 73334->73336 73335->73336 73337 6cc241a9 73336->73337 73900 6cc6657a 73337->73900 73341 6cc7c030 73340->73341 73344 6cc7bfc1 73340->73344 73369 6cc81247 _DecodePointerInternal 73341->73369 73343 6cc7c036 73370 6cc7bd29 66 API calls __getptd_noexit 73343->73370 73347 6cc7bfef RtlAllocateHeap 73344->73347 73349 6cc7bfcc 73344->73349 73351 6cc7c01c 73344->73351 73355 6cc7c01a 73344->73355 73366 6cc81247 _DecodePointerInternal 73344->73366 73347->73344 73348 6cc7c028 73347->73348 73348->73126 73349->73344 73363 6cc811f5 66 API calls 2 library calls 73349->73363 73364 6cc81041 66 API calls 6 library calls 73349->73364 73365 6cc7d835 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 73349->73365 73367 6cc7bd29 66 API calls __getptd_noexit 73351->73367 73368 6cc7bd29 66 API calls __getptd_noexit 73355->73368 73357->73126 73358->73129 73359->73132 73361 6cc814df KiUserExceptionDispatcher 73360->73361 73362 6cc814d3 73360->73362 73361->73135 73362->73361 73363->73349 73364->73349 73366->73344 73367->73355 73368->73348 73369->73343 73370->73348 73372 6cc27cad 73371->73372 73373 6cc78e58 73371->73373 73372->73140 73399 6cc78e8c 73373->73399 73376 6cc27cf4 __EH_prolog3 73375->73376 73402 6cc5833e 73376->73402 73378 6cc27d16 73410 6cc27ee4 73378->73410 73380 6cc27d25 73418 6cc78f0e 73380->73418 73384 6cc27d3d ctype 73385 6cc78f0e ctype RtlFreeHeap 73384->73385 73386 6cc27d5c 73385->73386 73387 6cc25dd0 112 API calls 73386->73387 73388 6cc27d65 ctype 73387->73388 73389 6cc78f0e ctype RtlFreeHeap 73388->73389 73390 6cc27d8a ctype 73389->73390 73436 6cc25485 73390->73436 73392 6cc27daf ctype 73393 6cc78f0e ctype RtlFreeHeap 73392->73393 73394 6cc27dd4 73393->73394 73446 6cc2575e 73394->73446 73396 6cc27ddd ctype 73397 6cc78f0e ctype RtlFreeHeap 73396->73397 73398 6cc27e02 ctype 73397->73398 73398->73143 73400 6cc814aa __CxxThrowException@8 KiUserExceptionDispatcher 73399->73400 73401 6cc78ea5 73400->73401 73403 6cc5834a __EH_prolog3 73402->73403 73404 6cc78e54 ctype KiUserExceptionDispatcher 73403->73404 73405 6cc58357 73404->73405 73451 6cc5fe8a 73405->73451 73408 6cc58371 ctype 73408->73378 73411 6cc27ef0 __EH_prolog3 73410->73411 73538 6cc78eab 73411->73538 73416 6cc78f0e ctype RtlFreeHeap 73417 6cc27f26 ctype 73416->73417 73417->73380 73419 6cc27d34 73418->73419 73420 6cc78f1d 73418->73420 73422 6cc25dd0 73419->73422 73554 6cc854f2 73420->73554 73423 6cc25ddc __EH_prolog3 73422->73423 73557 6cc25c6f 73423->73557 73425 6cc25df0 73426 6cc78eab std::bad_exception::bad_exception 67 API calls 73425->73426 73427 6cc25e01 73426->73427 73567 6cc25e41 73427->73567 73429 6cc25e13 73430 6cc584b9 ctype 100 API calls 73429->73430 73431 6cc25e1c 73430->73431 73432 6cc78f0e ctype RtlFreeHeap 73431->73432 73433 6cc25e27 73432->73433 73434 6cc78f0e ctype RtlFreeHeap 73433->73434 73435 6cc25e32 ctype 73434->73435 73435->73384 73602 6cc86e1a 73436->73602 73438 6cc25491 GetModuleHandleW 73439 6cc254b3 GetProcAddress 73438->73439 73440 6cc254a6 73438->73440 73442 6cc254c5 73439->73442 73443 6cc254cb GetNativeSystemInfo 73439->73443 73441 6cc5833e ctype 109 API calls 73440->73441 73445 6cc254b1 ctype 73441->73445 73442->73443 73603 6cc24ea3 73443->73603 73445->73392 73614 6cc25727 GetModuleHandleW 73446->73614 73450 6cc2578e 73450->73396 73452 6cc5fe96 73451->73452 73453 6cc58364 73451->73453 73452->73453 73459 6cc58b33 109 API calls ctype 73452->73459 73453->73408 73455 6cc78c76 73453->73455 73456 6cc78c84 ctype 73455->73456 73460 6cc78bdc 73456->73460 73459->73453 73461 6cc78bf0 73460->73461 73462 6cc78be9 73460->73462 73464 6cc78c02 73461->73464 73465 6cc78e8c ctype KiUserExceptionDispatcher 73461->73465 73481 6cc78b95 KiUserExceptionDispatcher RtlFreeHeap ctype 73462->73481 73475 6cc78d91 73464->73475 73465->73464 73467 6cc78bee 73467->73408 73469 6cc78c31 73483 6cc7b1f3 73469->73483 73470 6cc78c1d 73482 6cc7b6ef 66 API calls 2 library calls 73470->73482 73473 6cc78c2f 73492 6cc78dcd 73473->73492 73476 6cc78da6 73475->73476 73477 6cc78d9c 73475->73477 73479 6cc78c14 73476->73479 73506 6cc78d3a 73476->73506 73478 6cc78e8c ctype KiUserExceptionDispatcher 73477->73478 73478->73476 73479->73469 73479->73470 73481->73467 73482->73473 73486 6cc7b204 _memset 73483->73486 73489 6cc7b200 _memmove 73483->73489 73484 6cc7b20a 73524 6cc7bd29 66 API calls __getptd_noexit 73484->73524 73486->73484 73488 6cc7b24f 73486->73488 73486->73489 73488->73489 73526 6cc7bd29 66 API calls __getptd_noexit 73488->73526 73489->73473 73491 6cc7b20f 73525 6cc7ecf4 11 API calls __fclose_nolock 73491->73525 73493 6cc78dd1 73492->73493 73494 6cc78e8c ctype KiUserExceptionDispatcher 73493->73494 73495 6cc78dd8 73493->73495 73496 6cc78dee 73494->73496 73495->73467 73498 6cc78e8c ctype KiUserExceptionDispatcher 73496->73498 73499 6cc78e27 73496->73499 73527 6cc7b4c9 73496->73527 73498->73496 73500 6cc78d91 ctype 69 API calls 73499->73500 73501 6cc78e2d 73500->73501 73530 6cc7b446 97 API calls _vswprintf_s 73501->73530 73503 6cc78e3d 73504 6cc78dcd ctype 100 API calls 73503->73504 73505 6cc78e49 73504->73505 73505->73467 73507 6cc78d4b 73506->73507 73508 6cc78d53 73507->73508 73511 6cc78d5c 73507->73511 73513 6cc78c9e 73508->73513 73509 6cc78d5a 73509->73479 73511->73509 73523 6cc78d0b KiUserExceptionDispatcher std::bad_exception::bad_exception 73511->73523 73514 6cc78cba 73513->73514 73522 6cc8563e RtlAllocateHeap 73514->73522 73515 6cc78cc5 73516 6cc78cd0 73515->73516 73517 6cc777cf std::bad_exception::bad_exception KiUserExceptionDispatcher 73515->73517 73518 6cc7b1f3 _memcpy_s 66 API calls 73516->73518 73517->73516 73519 6cc78ce9 73518->73519 73520 6cc78f0e ctype RtlFreeHeap 73519->73520 73521 6cc78cfa 73520->73521 73521->73509 73522->73515 73523->73509 73524->73491 73525->73489 73526->73491 73531 6cc7b468 73527->73531 73529 6cc7b4e0 73529->73496 73530->73503 73532 6cc7b486 73531->73532 73533 6cc7b49b 73531->73533 73534 6cc7bd29 __fclose_nolock 66 API calls 73532->73534 73533->73529 73535 6cc7b48b 73534->73535 73536 6cc7ecf4 __fclose_nolock 11 API calls 73535->73536 73537 6cc7b496 73536->73537 73537->73529 73541 6cc78eb8 73538->73541 73539 6cc27f06 73544 6cc584b9 73539->73544 73540 6cc78ee5 73543 6cc7b1f3 _memcpy_s 66 API calls 73540->73543 73541->73539 73541->73540 73553 6cc777cf KiUserExceptionDispatcher ctype std::bad_exception::bad_exception 73541->73553 73543->73539 73545 6cc584c8 73544->73545 73550 6cc27f1e 73544->73550 73546 6cc584ea 73545->73546 73547 6cc584d5 73545->73547 73548 6cc78bdc ctype 100 API calls 73546->73548 73549 6cc78eab std::bad_exception::bad_exception 67 API calls 73547->73549 73548->73550 73551 6cc584da 73549->73551 73550->73416 73552 6cc78f0e ctype RtlFreeHeap 73551->73552 73552->73550 73553->73540 73555 6cc8550b 73554->73555 73556 6cc854fd RtlFreeHeap 73554->73556 73555->73419 73556->73555 73559 6cc25c7b __EH_prolog3 73557->73559 73558 6cc25cb4 73561 6cc25cc6 GetModuleFileNameW 73558->73561 73562 6cc78e8c ctype KiUserExceptionDispatcher 73558->73562 73559->73558 73560 6cc78d3a ctype 69 API calls 73559->73560 73560->73558 73563 6cc5833e ctype 109 API calls 73561->73563 73562->73561 73564 6cc25ce8 73563->73564 73565 6cc78f0e ctype RtlFreeHeap 73564->73565 73566 6cc25cf0 ctype 73565->73566 73566->73425 73568 6cc25e4d __EH_prolog3 73567->73568 73569 6cc5833e ctype 109 API calls 73568->73569 73570 6cc25e66 73569->73570 73571 6cc78eab std::bad_exception::bad_exception 67 API calls 73570->73571 73572 6cc25e77 PathFindFileNameW 73571->73572 73573 6cc25e8e PathFindExtensionW 73572->73573 73575 6cc25eab 73573->73575 73588 6cc589f0 73575->73588 73580 6cc584b9 ctype 100 API calls 73581 6cc25ee2 73580->73581 73582 6cc78f0e ctype RtlFreeHeap 73581->73582 73583 6cc25eed 73582->73583 73584 6cc78f0e ctype RtlFreeHeap 73583->73584 73585 6cc25ef8 73584->73585 73586 6cc78f0e ctype RtlFreeHeap 73585->73586 73587 6cc25f03 ctype 73586->73587 73587->73429 73589 6cc58a15 ctype 67 API calls 73588->73589 73590 6cc25ec4 73589->73590 73591 6cc58a15 73590->73591 73592 6cc58a2a 73591->73592 73593 6cc58a6d 73592->73593 73596 6cc58a3d 73592->73596 73594 6cc78e8c ctype KiUserExceptionDispatcher 73593->73594 73595 6cc58a77 ctype 73594->73595 73601 6cc5feb7 67 API calls 3 library calls 73595->73601 73596->73595 73597 6cc58a5b 73596->73597 73598 6cc78eab std::bad_exception::bad_exception 67 API calls 73597->73598 73600 6cc25ed9 73598->73600 73600->73580 73601->73600 73602->73438 73608 6cc24fd5 73603->73608 73606 6cc5833e ctype 109 API calls 73607 6cc24f56 73606->73607 73607->73445 73612 6cc24ffd 73608->73612 73609 6cc25001 73610 6cc7b091 ___crtMessageBoxW 5 API calls 73609->73610 73611 6cc24eb2 73610->73611 73611->73606 73612->73609 73613 6cc25085 GetSystemMetrics 73612->73613 73613->73609 73615 6cc25755 73614->73615 73616 6cc2573b GetProcAddress 73614->73616 73619 6cc25847 109 API calls 2 library calls 73615->73619 73617 6cc2574b 73616->73617 73618 6cc2574e GetSystemInfo 73616->73618 73617->73618 73618->73615 73619->73450 73621 6cc27887 __EH_prolog3 73620->73621 73622 6cc27938 ctype 73621->73622 73623 6cc2789e RegOpenKeyExW 73621->73623 73622->73151 73624 6cc278c2 RegQueryValueExW RegCloseKey 73623->73624 73625 6cc27908 SHGetFolderPathW 73623->73625 73624->73625 73626 6cc278ef GetFileAttributesW 73624->73626 73627 6cc2793e 73625->73627 73628 6cc2791d 73625->73628 73626->73625 73629 6cc27900 73626->73629 73652 6cc25d3f 73627->73652 73643 6cc7b8ad 73628->73643 73629->73622 73632 6cc27930 GetFileAttributesW 73632->73622 73632->73627 73634 6cc2795e 73665 6cc58e8b 73634->73665 73637 6cc78f0e ctype RtlFreeHeap 73638 6cc2797c 73637->73638 73671 6cc7b927 73638->73671 73641 6cc27991 73642 6cc78f0e ctype RtlFreeHeap 73641->73642 73642->73622 73644 6cc7b8c2 73643->73644 73645 6cc7b8bb 73643->73645 73680 6cc7bd29 66 API calls __getptd_noexit 73644->73680 73645->73644 73650 6cc7b8f7 73645->73650 73647 6cc7b8c7 73681 6cc7ecf4 11 API calls __fclose_nolock 73647->73681 73649 6cc27929 73649->73627 73649->73632 73650->73649 73682 6cc7bd29 66 API calls __getptd_noexit 73650->73682 73653 6cc25d4b __EH_prolog3 73652->73653 73654 6cc25d8c GetModuleFileNameW 73653->73654 73655 6cc78d3a ctype 69 API calls 73653->73655 73683 6cc78afc 73654->73683 73657 6cc25d89 73655->73657 73657->73654 73659 6cc5833e ctype 109 API calls 73660 6cc25dad 73659->73660 73688 6cc58f73 73660->73688 73663 6cc78f0e ctype RtlFreeHeap 73664 6cc25dc0 ctype 73663->73664 73664->73634 73666 6cc58eb0 PathCombineW 73665->73666 73667 6cc58ea9 73665->73667 73669 6cc78afc ctype KiUserExceptionDispatcher 73666->73669 73668 6cc78d3a ctype 69 API calls 73667->73668 73668->73666 73670 6cc27971 73669->73670 73670->73637 73672 6cc7b935 73671->73672 73673 6cc7b93c 73671->73673 73672->73673 73676 6cc7b95d 73672->73676 73693 6cc7bd29 66 API calls __getptd_noexit 73673->73693 73677 6cc27986 GetFileAttributesW 73676->73677 73695 6cc7bd29 66 API calls __getptd_noexit 73676->73695 73677->73641 73679 6cc7b941 73694 6cc7ecf4 11 API calls __fclose_nolock 73679->73694 73680->73647 73681->73649 73682->73647 73684 6cc78b01 _wcsnlen 73683->73684 73685 6cc25da4 73684->73685 73686 6cc78e8c ctype KiUserExceptionDispatcher 73684->73686 73685->73659 73687 6cc78b34 73686->73687 73689 6cc78d91 ctype 69 API calls 73688->73689 73690 6cc58f83 PathRemoveFileSpecW 73689->73690 73691 6cc78afc ctype KiUserExceptionDispatcher 73690->73691 73692 6cc25db8 73691->73692 73692->73663 73693->73679 73694->73677 73695->73679 73696->73160 73697->73166 73698->73172 73699->73178 73700->73184 73701->73190 73702->73196 73703->73202 73704->73208 73705->73214 73706->73220 73707->73226 73708->73232 73709->73238 73710->73244 73711->73250 73712->73256 73713->73262 73718 6cc23c8f 73714->73718 73716 6cc244a0 73716->73269 73717->73273 73719 6cc23c9b __EH_prolog3 73718->73719 73720 6cc5833e ctype 109 API calls 73719->73720 73721 6cc23cb7 73720->73721 73722 6cc78e54 ctype KiUserExceptionDispatcher 73721->73722 73723 6cc23cca 73722->73723 73724 6cc23a16 ctype 110 API calls 73723->73724 73725 6cc23cdd 73724->73725 73726 6cc589f0 ctype 67 API calls 73725->73726 73760 6cc23ded 73725->73760 73728 6cc23cfe 73726->73728 73727 6cc78f0e ctype RtlFreeHeap 73729 6cc23e36 ctype 73727->73729 73730 6cc584b9 ctype 100 API calls 73728->73730 73729->73716 73731 6cc23d07 73730->73731 73732 6cc78f0e ctype RtlFreeHeap 73731->73732 73733 6cc23d16 73732->73733 73761 6cc58989 73733->73761 73737 6cc23d29 ctype 73738 6cc78f0e ctype RtlFreeHeap 73737->73738 73739 6cc23d48 73738->73739 73740 6cc23d50 73739->73740 73743 6cc23def _wcspbrk 73739->73743 73741 6cc589f0 ctype 67 API calls 73740->73741 73742 6cc23d5e 73741->73742 73744 6cc584b9 ctype 100 API calls 73742->73744 73746 6cc58aed ctype 67 API calls 73743->73746 73743->73760 73745 6cc23d67 73744->73745 73747 6cc78f0e ctype RtlFreeHeap 73745->73747 73748 6cc23e17 73746->73748 73752 6cc23d76 ctype 73747->73752 73749 6cc584b9 ctype 100 API calls 73748->73749 73750 6cc23e20 73749->73750 73751 6cc78f0e ctype RtlFreeHeap 73750->73751 73751->73760 73753 6cc58aed ctype 67 API calls 73752->73753 73752->73760 73754 6cc23dc5 73753->73754 73755 6cc584b9 ctype 100 API calls 73754->73755 73756 6cc23dce 73755->73756 73757 6cc78f0e ctype RtlFreeHeap 73756->73757 73758 6cc23ddd 73757->73758 73779 6cc58636 100 API calls 2 library calls 73758->73779 73760->73727 73780 6cc58931 73761->73780 73764 6cc58992 73765 6cc589a9 73764->73765 73788 6cc7c49f 73764->73788 73766 6cc78d91 ctype 69 API calls 73765->73766 73771 6cc23d1d 73765->73771 73767 6cc589bc 73766->73767 73791 6cc77942 67 API calls 2 library calls 73767->73791 73769 6cc589d9 73770 6cc78dcd ctype 100 API calls 73769->73770 73770->73771 73772 6cc58aed 73771->73772 73773 6cc58b02 73772->73773 73774 6cc58b0b 73773->73774 73776 6cc58b1a ctype 73773->73776 73775 6cc78eab std::bad_exception::bad_exception 67 API calls 73774->73775 73777 6cc58b13 73775->73777 73797 6cc5feb7 67 API calls 3 library calls 73776->73797 73777->73737 73779->73760 73781 6cc58944 73780->73781 73782 6cc5897e 73780->73782 73783 6cc7c49f ctype GetStringTypeW 73781->73783 73784 6cc58967 73781->73784 73782->73764 73783->73781 73784->73782 73785 6cc78d91 ctype 69 API calls 73784->73785 73786 6cc58975 73785->73786 73787 6cc78dcd ctype 100 API calls 73786->73787 73787->73782 73792 6cc8094f 73788->73792 73790 6cc7c4ae 73790->73764 73791->73769 73793 6cc80960 73792->73793 73794 6cc80964 73792->73794 73793->73790 73795 6cc8097f GetStringTypeW 73794->73795 73796 6cc8096f 73794->73796 73795->73796 73796->73790 73797->73777 73799 6cc78d91 ctype 69 API calls 73798->73799 73800 6cc588e2 73799->73800 73828 6cc7cb99 73800->73828 73803 6cc78dcd ctype 100 API calls 73804 6cc23a42 73803->73804 73804->73288 73806 6cc58ce1 __EH_prolog3 ctype 73805->73806 73807 6cc78e54 ctype KiUserExceptionDispatcher 73806->73807 73808 6cc58cfa ctype 73807->73808 73890 6cc5ffa8 73808->73890 73810 6cc58d21 ctype 73810->73293 73812 6cc58c86 __EH_prolog3 ctype 73811->73812 73813 6cc78e54 ctype KiUserExceptionDispatcher 73812->73813 73814 6cc58c9f ctype 73813->73814 73815 6cc5ffa8 ctype 100 API calls 73814->73815 73816 6cc58cc2 ctype 73815->73816 73816->73295 73818 6cc58aab 73817->73818 73819 6cc58ab6 73818->73819 73820 6cc58ac8 ctype 73818->73820 73821 6cc78eab std::bad_exception::bad_exception 67 API calls 73819->73821 73899 6cc5feb7 67 API calls 3 library calls 73820->73899 73822 6cc23b8c 73821->73822 73824 6cc585bc 73822->73824 73825 6cc585c5 73824->73825 73827 6cc23ba1 73824->73827 73826 6cc78e8c ctype KiUserExceptionDispatcher 73825->73826 73826->73827 73827->73319 73827->73320 73831 6cc7cb61 73828->73831 73836 6cc7c12f 73831->73836 73837 6cc7c142 73836->73837 73843 6cc7c18f 73836->73843 73877 6cc7d3d1 66 API calls 2 library calls 73837->73877 73839 6cc7c147 73840 6cc7c16f 73839->73840 73878 6cc81edb 74 API calls 6 library calls 73839->73878 73840->73843 73879 6cc8172d 68 API calls 6 library calls 73840->73879 73844 6cc7c9ec 73843->73844 73845 6cc7ca1c _wcsnlen 73844->73845 73846 6cc7ca08 73844->73846 73845->73846 73848 6cc7ca33 73845->73848 73880 6cc7bd29 66 API calls __getptd_noexit 73846->73880 73876 6cc7ca17 73848->73876 73882 6cc82016 LCMapStringW _wcsnlen 73848->73882 73851 6cc7ca79 73852 6cc7ca85 73851->73852 73853 6cc7ca9c 73851->73853 73883 6cc7bd29 66 API calls __getptd_noexit 73852->73883 73856 6cc7caa1 73853->73856 73863 6cc7cab2 73853->73863 73854 6cc7b091 ___crtMessageBoxW 5 API calls 73857 6cc588ec 73854->73857 73885 6cc7bd29 66 API calls __getptd_noexit 73856->73885 73857->73803 73858 6cc7ca8a 73884 6cc7bd29 66 API calls __getptd_noexit 73858->73884 73860 6cc7cafd 73886 6cc7bd29 66 API calls __getptd_noexit 73860->73886 73861 6cc7cb0a 73887 6cc82016 LCMapStringW _wcsnlen 73861->73887 73862 6cc7ca0d 73881 6cc7ecf4 11 API calls __fclose_nolock 73862->73881 73868 6cc7cacd __crtLCMapStringA_stat 73863->73868 73869 6cc7bfb3 _malloc 66 API calls 73863->73869 73867 6cc7cb1d 73870 6cc7cb35 73867->73870 73871 6cc7cb24 73867->73871 73868->73860 73868->73861 73869->73868 73888 6cc7bd29 66 API calls __getptd_noexit 73870->73888 73872 6cc7b927 __NMSG_WRITE 66 API calls 73871->73872 73874 6cc7cb2e 73872->73874 73889 6cc7c244 66 API calls _free 73874->73889 73876->73854 73877->73839 73878->73840 73879->73843 73880->73862 73881->73876 73882->73851 73883->73858 73884->73876 73885->73862 73886->73858 73887->73867 73888->73874 73889->73876 73891 6cc78d91 ctype 69 API calls 73890->73891 73892 6cc5ffc2 73891->73892 73893 6cc7b1f3 _memcpy_s 66 API calls 73892->73893 73894 6cc5ffd3 73893->73894 73895 6cc7b1f3 _memcpy_s 66 API calls 73894->73895 73896 6cc5ffe3 73895->73896 73897 6cc78dcd ctype 100 API calls 73896->73897 73898 6cc5fff1 73897->73898 73898->73810 73899->73822 73904 6cc66583 73900->73904 73905 6cc241bd 73900->73905 73901 6cc665a0 73906 6cc7be0e 73901->73906 73902 6cc78f0e ctype RtlFreeHeap 73902->73904 73904->73901 73904->73902 73907 6cc7be19 HeapFree 73906->73907 73911 6cc7be42 _free 73906->73911 73908 6cc7be2e 73907->73908 73907->73911 73912 6cc7bd29 66 API calls __getptd_noexit 73908->73912 73910 6cc7be34 GetLastError 73910->73911 73911->73905 73912->73910 81328 640ebf84 GetWindowLongW 81329 640ec06e 81328->81329 81330 640ebfa5 81328->81330 81333 640ec056 81329->81333 81334 640ec074 PostMessageW 81329->81334 81331 640ebfae 81330->81331 81332 640ec00f _memset 81330->81332 81331->81333 81335 640ebfbb GetForegroundWindow 81331->81335 81332->81333 81337 640ec026 GetSystemMenu GetMenuItemInfoW 81332->81337 81343 640f5ec4 81333->81343 81339 640ebfff 81334->81339 81336 640ebfc9 81335->81336 81335->81339 81338 640ebfd2 IsWindowVisible 81336->81338 81336->81339 81337->81333 81337->81339 81338->81339 81340 640ebfe3 81338->81340 81341 640ebfef SetForegroundWindow 81340->81341 81341->81339 81344 640f5ee6 81343->81344 81352 640e82a2 81344->81352 81346 640f5f1a CallWindowProcW 81348 640f5f7f 81346->81348 81347 640f5f32 GetWindowLongW CallWindowProcW 81347->81348 81349 640f5f64 GetWindowLongW 81347->81349 81348->81339 81349->81348 81350 640f5f71 SetWindowLongW 81349->81350 81350->81348 81353 640e82b6 81352->81353 81354 640e82eb 81352->81354 81353->81354 81356 640f5402 DefWindowProcW 81353->81356 81354->81346 81354->81347 81354->81348 81356->81354 81357 6cc6ff5c EnterCriticalSection 81358 6cc6ffae 81357->81358 81359 6cc708fc LeaveCriticalSection 81357->81359 81360 6cc24cb2 111 API calls 81358->81360 81361 6cc6ffbb 81360->81361 81362 6cc5833e ctype 109 API calls 81361->81362 81363 6cc6ffd3 81362->81363 81364 6cc58cd5 ctype 100 API calls 81363->81364 81365 6cc6ffee 81364->81365 81366 6cc2391d 109 API calls 81365->81366 81375 6cc70017 81366->81375 81367 6cc7009e 81368 6cc7c0aa ctype 77 API calls 81367->81368 81369 6cc700a5 81368->81369 81371 6cc7c0aa ctype 77 API calls 81369->81371 81370 6cc7c0aa ctype 77 API calls 81370->81375 81374 6cc700d6 81371->81374 81372 6cc424cd 110 API calls 81372->81375 81415 6cc72480 81374->81415 81375->81367 81375->81370 81375->81372 81411 6cc72306 81375->81411 81431 6cc5bc6d 71 API calls 2 library calls 81375->81431 81378 6cc708a0 81380 6cc6657a ctype 67 API calls 81378->81380 81379 6cc78e54 ctype KiUserExceptionDispatcher 81410 6cc70133 81379->81410 81381 6cc708b1 81380->81381 81423 6cc724d1 81381->81423 81383 6cc424cd 110 API calls 81383->81410 81385 6cc2395e ctype 100 API calls 81386 6cc708d8 81385->81386 81387 6cc78f0e ctype RtlFreeHeap 81386->81387 81388 6cc708e4 81387->81388 81389 6cc78f0e ctype RtlFreeHeap 81388->81389 81391 6cc708f0 81389->81391 81390 6cc78f0e RtlFreeHeap ctype 81390->81410 81392 6cc78f0e ctype RtlFreeHeap 81391->81392 81392->81359 81393 6cc868b5 67 API calls ctype 81393->81410 81395 6cc5bc09 CloseHandle ctype 81395->81410 81396 6cc72306 174 API calls 81396->81410 81397 6cc70924 81437 6cc778c8 RaiseException 81397->81437 81399 6cc70929 81400 6cc74ee6 71 API calls 81400->81410 81401 6cc36cb7 109 API calls 81401->81410 81402 6cc23834 76 API calls 81402->81410 81403 6cc78eab 67 API calls std::bad_exception::bad_exception 81403->81410 81405 6cc74c0c 174 API calls 81405->81410 81408 6cc584b9 100 API calls ctype 81408->81410 81410->81378 81410->81379 81410->81383 81410->81390 81410->81393 81410->81395 81410->81396 81410->81397 81410->81400 81410->81401 81410->81402 81410->81403 81410->81405 81410->81408 81432 6cc58f9e 70 API calls ctype 81410->81432 81433 6cc5902f KiUserExceptionDispatcher ctype 81410->81433 81434 6cc59067 71 API calls 4 library calls 81410->81434 81435 6cc3f454 114 API calls 4 library calls 81410->81435 81436 6cc3d25c 110 API calls 4 library calls 81410->81436 81412 6cc72312 __EH_prolog3 81411->81412 81438 6cc74c71 81412->81438 81414 6cc72356 ctype 81414->81375 81417 6cc72489 81415->81417 81421 6cc724b3 81415->81421 81416 6cc7be0e _free 66 API calls 81419 6cc724c3 81416->81419 81420 6cc78f0e ctype RtlFreeHeap 81417->81420 81422 6cc724a9 81417->81422 81418 6cc7be0e _free 66 API calls 81418->81421 81419->81410 81420->81417 81421->81416 81421->81419 81422->81418 81691 6cc7236b 81423->81691 81427 6cc708bf 81427->81385 81428 6cc424cd 110 API calls 81429 6cc724ee 81428->81429 81429->81427 81429->81428 81430 6cc7be92 70 API calls __recalloc 81429->81430 81430->81429 81431->81375 81432->81410 81433->81410 81434->81410 81435->81410 81436->81410 81437->81399 81439 6cc74cc1 81438->81439 81442 6cc74c88 81438->81442 81440 6cc74cc6 81439->81440 81441 6cc74cdd 81439->81441 81524 6cc75748 174 API calls ctype 81440->81524 81445 6cc74ce2 81441->81445 81446 6cc74cf9 81441->81446 81443 6cc74cbf 81442->81443 81451 6cc74c71 174 API calls 81442->81451 81523 6cc3d25c 110 API calls 4 library calls 81442->81523 81448 6cc74d29 81443->81448 81526 6cc755d7 174 API calls ctype 81443->81526 81525 6cc75668 174 API calls ctype 81445->81525 81453 6cc7537a 81446->81453 81448->81414 81451->81442 81454 6cc75386 __EH_prolog3 81453->81454 81455 6cc5833e ctype 109 API calls 81454->81455 81456 6cc75394 81455->81456 81457 6cc868b5 ctype 67 API calls 81456->81457 81458 6cc753ae 81457->81458 81459 6cc868b5 ctype 67 API calls 81458->81459 81460 6cc753c3 81459->81460 81461 6cc75414 81460->81461 81462 6cc753cd 81460->81462 81463 6cc7543b 81461->81463 81566 6cc40b24 67 API calls std::bad_exception::bad_exception 81461->81566 81464 6cc36cb7 109 API calls 81462->81464 81467 6cc868b5 ctype 67 API calls 81463->81467 81466 6cc753d8 81464->81466 81469 6cc78eab std::bad_exception::bad_exception 67 API calls 81466->81469 81470 6cc7544d 81467->81470 81468 6cc75420 81471 6cc584b9 ctype 100 API calls 81468->81471 81472 6cc753e6 81469->81472 81473 6cc75412 81470->81473 81477 6cc584b9 ctype 100 API calls 81470->81477 81475 6cc7542c 81471->81475 81476 6cc584b9 ctype 100 API calls 81472->81476 81474 6cc58cd5 ctype 100 API calls 81473->81474 81478 6cc75473 81474->81478 81479 6cc78f0e ctype RtlFreeHeap 81475->81479 81480 6cc753fb 81476->81480 81477->81473 81481 6cc58cd5 ctype 100 API calls 81478->81481 81479->81463 81482 6cc78f0e ctype RtlFreeHeap 81480->81482 81484 6cc75481 81481->81484 81483 6cc75403 81482->81483 81485 6cc78f0e ctype RtlFreeHeap 81483->81485 81486 6cc2391d 109 API calls 81484->81486 81485->81473 81487 6cc7549d 81486->81487 81488 6cc78f0e ctype RtlFreeHeap 81487->81488 81489 6cc754ac 81488->81489 81490 6cc755b8 81489->81490 81492 6cc868b5 ctype 67 API calls 81489->81492 81532 6cc759f8 81490->81532 81493 6cc754ca 81492->81493 81499 6cc754df 81493->81499 81527 6cc75b5d 81493->81527 81494 6cc2395e ctype 100 API calls 81496 6cc7559b 81494->81496 81498 6cc78f0e ctype RtlFreeHeap 81496->81498 81503 6cc755a6 81498->81503 81504 6cc5ff21 ctype 100 API calls 81499->81504 81500 6cc75539 81501 6cc75540 81500->81501 81502 6cc7554a 81500->81502 81567 6cc40b4a 118 API calls 4 library calls 81501->81567 81506 6cc868b5 ctype 67 API calls 81502->81506 81507 6cc78f0e ctype RtlFreeHeap 81503->81507 81509 6cc754ee 81504->81509 81510 6cc7555a 81506->81510 81517 6cc75511 ctype 81507->81517 81508 6cc75548 81514 6cc6657a ctype 67 API calls 81508->81514 81511 6cc2395e ctype 100 API calls 81509->81511 81510->81490 81568 6cc417a5 72 API calls 81510->81568 81512 6cc754fb 81511->81512 81515 6cc78f0e ctype RtlFreeHeap 81512->81515 81516 6cc75579 81514->81516 81518 6cc75506 81515->81518 81516->81490 81519 6cc7557d 81516->81519 81517->81443 81520 6cc78f0e ctype RtlFreeHeap 81518->81520 81521 6cc5ff21 ctype 100 API calls 81519->81521 81520->81517 81522 6cc7558c 81521->81522 81522->81494 81523->81442 81524->81443 81525->81443 81526->81448 81528 6cc868b5 ctype 67 API calls 81527->81528 81529 6cc75b7b 81528->81529 81530 6cc868b5 ctype 67 API calls 81529->81530 81531 6cc75529 81529->81531 81530->81531 81531->81499 81531->81500 81533 6cc75a04 __EH_prolog3 81532->81533 81534 6cc868b5 ctype 67 API calls 81533->81534 81535 6cc75a19 81534->81535 81536 6cc75a2a 81535->81536 81537 6cc868b5 ctype 67 API calls 81535->81537 81538 6cc5ff21 ctype 100 API calls 81536->81538 81539 6cc75a52 GetCommandLineW 81537->81539 81544 6cc75a39 ctype 81538->81544 81541 6cc23e77 ctype 113 API calls 81539->81541 81542 6cc75a74 81541->81542 81543 6cc24486 ctype 111 API calls 81542->81543 81545 6cc75a82 81543->81545 81544->81522 81569 6cc72b01 81545->81569 81548 6cc78f0e ctype RtlFreeHeap 81549 6cc75aaa 81548->81549 81550 6cc241a9 ctype 67 API calls 81549->81550 81551 6cc75ab6 81550->81551 81552 6cc75af6 81551->81552 81553 6cc75abb 81551->81553 81685 6cc75be8 68 API calls ctype 81552->81685 81553->81536 81558 6cc75ad7 81553->81558 81555 6cc75afc 81556 6cc75b13 81555->81556 81557 6cc75b00 81555->81557 81560 6cc5833e ctype 109 API calls 81556->81560 81559 6cc5ff21 ctype 100 API calls 81557->81559 81561 6cc5ff21 ctype 100 API calls 81558->81561 81559->81544 81562 6cc75b21 81560->81562 81561->81544 81563 6cc5ff21 ctype 100 API calls 81562->81563 81564 6cc75b37 81563->81564 81565 6cc78f0e ctype RtlFreeHeap 81564->81565 81565->81544 81566->81468 81567->81508 81568->81508 81570 6cc72b3f 81569->81570 81611 6cc72b38 81569->81611 81571 6cc868b5 ctype 67 API calls 81570->81571 81572 6cc72b52 81571->81572 81573 6cc868b5 ctype 67 API calls 81572->81573 81572->81611 81574 6cc72b6e 81573->81574 81575 6cc868b5 ctype 67 API calls 81574->81575 81574->81611 81576 6cc72b83 81575->81576 81577 6cc868b5 ctype 67 API calls 81576->81577 81576->81611 81578 6cc72b9c 81577->81578 81579 6cc72bc4 GetCommandLineW 81578->81579 81596 6cc72bee 81578->81596 81578->81611 81580 6cc23e77 ctype 113 API calls 81579->81580 81581 6cc72bd5 81580->81581 81686 6cc2423c 110 API calls ctype 81581->81686 81582 6cc72c06 81586 6cc36cb7 109 API calls 81582->81586 81583 6cc72dad 81584 6cc72f1c 81583->81584 81594 6cc72dab 81583->81594 81595 6cc72df5 GetModuleFileNameW 81583->81595 81589 6cc36cb7 109 API calls 81584->81589 81588 6cc72c14 PathFileExistsW 81586->81588 81587 6cc72bde 81591 6cc241a9 ctype 67 API calls 81587->81591 81592 6cc78f0e ctype RtlFreeHeap 81588->81592 81590 6cc72f2a 81589->81590 81593 6cc78eab std::bad_exception::bad_exception 67 API calls 81590->81593 81591->81596 81597 6cc72c28 81592->81597 81598 6cc72f3a PathFileExistsW 81593->81598 81594->81583 81599 6cc78d3a ctype 69 API calls 81594->81599 81600 6cc78afc ctype KiUserExceptionDispatcher 81595->81600 81596->81582 81596->81583 81596->81611 81597->81583 81601 6cc868b5 ctype 67 API calls 81597->81601 81602 6cc78f0e ctype RtlFreeHeap 81598->81602 81603 6cc72df1 81599->81603 81604 6cc72e0b 81600->81604 81605 6cc72c42 81601->81605 81606 6cc72f51 81602->81606 81603->81595 81607 6cc5833e ctype 109 API calls 81604->81607 81605->81583 81610 6cc36cb7 109 API calls 81605->81610 81608 6cc78f0e ctype RtlFreeHeap 81606->81608 81609 6cc72e16 81607->81609 81608->81611 81612 6cc58f73 ctype 70 API calls 81609->81612 81613 6cc72c5d 81610->81613 81611->81548 81614 6cc72e24 81612->81614 81687 6cc36cd8 109 API calls ctype 81613->81687 81616 6cc78eab std::bad_exception::bad_exception 67 API calls 81614->81616 81617 6cc72e30 81616->81617 81619 6cc584b9 ctype 100 API calls 81617->81619 81618 6cc72c73 81620 6cc78eab std::bad_exception::bad_exception 67 API calls 81618->81620 81621 6cc72e49 81619->81621 81622 6cc72c82 81620->81622 81623 6cc78f0e ctype RtlFreeHeap 81621->81623 81624 6cc78f0e ctype RtlFreeHeap 81622->81624 81625 6cc72e56 81623->81625 81626 6cc72c9a 81624->81626 81627 6cc36cb7 109 API calls 81625->81627 81628 6cc42d73 67 API calls 81626->81628 81629 6cc72e64 81627->81629 81630 6cc72ca5 81628->81630 81631 6cc78eab std::bad_exception::bad_exception 67 API calls 81629->81631 81688 6cc4816f 67 API calls std::bad_exception::bad_exception 81630->81688 81633 6cc72e73 81631->81633 81635 6cc78f0e ctype RtlFreeHeap 81633->81635 81634 6cc72cc9 81636 6cc78f0e ctype RtlFreeHeap 81634->81636 81638 6cc72e8b 81635->81638 81637 6cc72cda 81636->81637 81689 6cc481ac 155 API calls 3 library calls 81637->81689 81640 6cc589f0 ctype 67 API calls 81638->81640 81642 6cc72e9c 81640->81642 81641 6cc72ce1 81643 6cc72d25 81641->81643 81644 6cc72ce5 81641->81644 81645 6cc584b9 ctype 100 API calls 81642->81645 81647 6cc72d2f 81643->81647 81648 6cc72d6d 81643->81648 81646 6cc239ad ctype RtlFreeHeap 81644->81646 81649 6cc72eaa 81645->81649 81650 6cc72cfd 81646->81650 81652 6cc36cb7 109 API calls 81647->81652 81651 6cc239ad ctype RtlFreeHeap 81648->81651 81653 6cc78f0e ctype RtlFreeHeap 81649->81653 81655 6cc78f0e ctype RtlFreeHeap 81650->81655 81656 6cc72d68 81651->81656 81657 6cc72d39 81652->81657 81654 6cc72ebb 81653->81654 81659 6cc58c24 ctype 100 API calls 81654->81659 81660 6cc72d0c 81655->81660 81664 6cc78f0e ctype RtlFreeHeap 81656->81664 81690 6cc48704 CreateFileW RtlFreeHeap ctype 81657->81690 81662 6cc72ecc PathFileExistsW 81659->81662 81663 6cc78f0e ctype RtlFreeHeap 81660->81663 81661 6cc72d44 81665 6cc78f0e ctype RtlFreeHeap 81661->81665 81666 6cc78f0e ctype RtlFreeHeap 81662->81666 81667 6cc72d14 81663->81667 81668 6cc72d8e 81664->81668 81669 6cc72d52 81665->81669 81670 6cc72ede 81666->81670 81671 6cc78f0e ctype RtlFreeHeap 81667->81671 81672 6cc78f0e ctype RtlFreeHeap 81668->81672 81669->81656 81676 6cc72d61 CloseHandle 81669->81676 81673 6cc78f0e ctype RtlFreeHeap 81670->81673 81674 6cc72d20 81671->81674 81675 6cc72d9a 81672->81675 81677 6cc72eea 81673->81677 81674->81611 81678 6cc78f0e ctype RtlFreeHeap 81675->81678 81676->81656 81679 6cc78f0e ctype RtlFreeHeap 81677->81679 81678->81594 81680 6cc72ef6 81679->81680 81681 6cc72f0b 81680->81681 81682 6cc72efa 81680->81682 81684 6cc78f0e ctype RtlFreeHeap 81681->81684 81683 6cc78f0e ctype RtlFreeHeap 81682->81683 81683->81674 81684->81584 81685->81555 81686->81587 81687->81618 81688->81634 81689->81641 81690->81661 81692 6cc72371 81691->81692 81696 6cc72377 81691->81696 81693 6cc7be0e _free 66 API calls 81692->81693 81693->81696 81694 6cc72388 81697 6cc72397 81694->81697 81695 6cc7be0e _free 66 API calls 81695->81694 81696->81694 81696->81695 81698 6cc723a0 81697->81698 81699 6cc723c9 81697->81699 81702 6cc7be0e _free 66 API calls 81698->81702 81700 6cc723da 81699->81700 81701 6cc7be0e _free 66 API calls 81699->81701 81700->81429 81701->81700 81702->81699 81703 682a24 81750 683db0 81703->81750 81705 682a30 GetStartupInfoW 81706 682a44 HeapSetInformation 81705->81706 81709 682a4f 81705->81709 81706->81709 81708 682a9d 81710 682aa8 81708->81710 81757 6829f6 65 API calls 3 library calls 81708->81757 81751 683d83 HeapCreate 81709->81751 81758 683c03 84 API calls 4 library calls 81710->81758 81713 682aae 81714 682aba __RTC_Initialize 81713->81714 81715 682ab2 81713->81715 81752 683642 72 API calls __calloc_crt 81714->81752 81759 6829f6 65 API calls 3 library calls 81715->81759 81717 682ab9 81717->81714 81719 682ac7 81720 682acb 81719->81720 81721 682ad3 GetCommandLineW 81719->81721 81760 682f1c 65 API calls 3 library calls 81720->81760 81753 6835e5 67 API calls 2 library calls 81721->81753 81725 682ae3 81761 683532 66 API calls 2 library calls 81725->81761 81727 682aed 81728 682af9 81727->81728 81729 682af1 81727->81729 81754 6832f6 65 API calls 5 library calls 81728->81754 81762 682f1c 65 API calls 3 library calls 81729->81762 81733 682afe 81734 682b0a 81733->81734 81735 682b02 81733->81735 81755 682cdd 74 API calls 4 library calls 81734->81755 81763 682f1c 65 API calls 3 library calls 81735->81763 81739 682b11 81740 682b16 81739->81740 81743 682b1d __wwincmdln 81739->81743 81764 682f1c 65 API calls 3 library calls 81740->81764 81742 682b1c 81742->81743 81743->81742 81756 682915 HeapSetInformation Run 81743->81756 81745 682b3e 81746 682b4c 81745->81746 81765 682ebe 65 API calls _doexit 81745->81765 81766 682ef4 65 API calls _doexit 81746->81766 81749 682b51 __setmbcp 81750->81705 81751->81708 81752->81719 81753->81725 81754->81733 81755->81739 81756->81745 81757->81710 81758->81713 81759->81717 81761->81727 81765->81746 81766->81749 81767 6cc7b059 81768 6cc7b064 81767->81768 81769 6cc7b069 81767->81769 81781 6cc7e588 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 81768->81781 81773 6cc7af5e 81769->81773 81772 6cc7b077 81774 6cc7af6a ___lock_fhandle 81773->81774 81775 6cc7b007 ___lock_fhandle 81774->81775 81778 6cc7afb7 ___DllMainCRTStartup 81774->81778 81782 6cc7adf5 81774->81782 81775->81772 81777 6cc7adf5 __CRT_INIT@12 149 API calls 81777->81775 81778->81775 81779 6cc7adf5 __CRT_INIT@12 149 API calls 81778->81779 81780 6cc7afe7 81778->81780 81779->81780 81780->81775 81780->81777 81781->81769 81783 6cc7ae01 ___lock_fhandle 81782->81783 81784 6cc7ae83 81783->81784 81785 6cc7ae09 81783->81785 81787 6cc7aee4 81784->81787 81788 6cc7ae89 81784->81788 81834 6cc7e1d6 HeapCreate 81785->81834 81789 6cc7af42 81787->81789 81790 6cc7aee9 81787->81790 81796 6cc7aea7 81788->81796 81822 6cc7ae12 ___lock_fhandle 81788->81822 81853 6cc7dacb 66 API calls _doexit 81788->81853 81789->81822 81859 6cc7d524 79 API calls __freefls@4 81789->81859 81835 6cc7d21f TlsGetValue 81790->81835 81791 6cc7ae0e 81793 6cc7ae19 81791->81793 81791->81822 81844 6cc7d597 86 API calls 5 library calls 81793->81844 81797 6cc7aebb 81796->81797 81854 6cc7dd4c 67 API calls _free 81796->81854 81857 6cc7aece 70 API calls __mtterm 81797->81857 81800 6cc7ae1e __RTC_Initialize 81805 6cc7ae22 81800->81805 81811 6cc7ae2e GetCommandLineA 81800->81811 81845 6cc7e1f9 HeapDestroy 81805->81845 81806 6cc7aeb1 81855 6cc7d258 70 API calls _free 81806->81855 81807 6cc7af06 _DecodePointerInternal 81812 6cc7af1b 81807->81812 81810 6cc7aeb6 81856 6cc7e1f9 HeapDestroy 81810->81856 81846 6cc7e0e4 71 API calls 2 library calls 81811->81846 81815 6cc7af36 81812->81815 81816 6cc7af1f 81812->81816 81819 6cc7be0e _free 66 API calls 81815->81819 81858 6cc7d29a 66 API calls 4 library calls 81816->81858 81817 6cc7ae3e 81847 6cc7db02 73 API calls __calloc_crt 81817->81847 81819->81822 81821 6cc7af26 GetCurrentThreadId 81821->81822 81822->81778 81823 6cc7ae48 81824 6cc7ae4c 81823->81824 81849 6cc7e024 95 API calls 3 library calls 81823->81849 81848 6cc7d258 70 API calls _free 81824->81848 81827 6cc7ae58 81828 6cc7ae6c 81827->81828 81850 6cc7dda4 94 API calls 6 library calls 81827->81850 81833 6cc7ae27 81828->81833 81852 6cc7dd4c 67 API calls _free 81828->81852 81831 6cc7ae61 81831->81828 81851 6cc7d8cf 77 API calls 4 library calls 81831->81851 81833->81822 81834->81791 81836 6cc7d234 _DecodePointerInternal TlsSetValue 81835->81836 81837 6cc7aeee 81835->81837 81836->81837 81838 6cc7d761 81837->81838 81841 6cc7d76a 81838->81841 81840 6cc7aefa 81840->81807 81840->81822 81841->81840 81842 6cc7d788 Sleep 81841->81842 81860 6cc80eda 81841->81860 81843 6cc7d79d 81842->81843 81843->81840 81843->81841 81844->81800 81845->81833 81846->81817 81847->81823 81848->81805 81849->81827 81850->81831 81851->81828 81852->81824 81853->81796 81854->81806 81855->81810 81856->81797 81857->81822 81858->81821 81859->81822 81861 6cc80ee6 81860->81861 81866 6cc80f01 81860->81866 81862 6cc80ef2 81861->81862 81861->81866 81869 6cc7bd29 66 API calls __getptd_noexit 81862->81869 81864 6cc80f14 HeapAlloc 81864->81866 81868 6cc80f3b 81864->81868 81865 6cc80ef7 81865->81841 81866->81864 81866->81868 81870 6cc81247 _DecodePointerInternal 81866->81870 81868->81841 81869->81865 81870->81866

                                                                                                                Executed Functions

                                                                                                                Function 6CC60C91 Relevance: 30.0, APIs: 9, Strings: 8, Instructions: 247COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1712 6cc60c91-6cc60cb5 call 6cc86e8d GetModuleHandleW 1715 6cc60cb7-6cc60ce5 call 6cc5833e GetLastError call 6cc61236 1712->1715 1716 6cc60cea-6cc60cfb 1712->1716 1726 6cc61007-6cc61014 call 6cc78f0e call 6cc86f1f 1715->1726 1721 6cc60d03-6cc60db0 GetNativeSystemInfo call 6cc24e07 call 6cc2c5d4 call 6cc78f0e call 6cc5833e call 6cc61236 call 6cc78f0e call 6cc24fd5 1716->1721 1722 6cc60cfd 1716->1722 1744 6cc60db2-6cc60dba GetLastError 1721->1744 1745 6cc60dca 1721->1745 1722->1721 1746 6cc60dc6-6cc60dc8 1744->1746 1747 6cc60dbc-6cc60dc1 1744->1747 1748 6cc60dcc-6cc60e13 call 6cc5833e call 6cc61236 call 6cc78f0e call 6cc24fac 1745->1748 1746->1748 1747->1746 1757 6cc60e15-6cc60e17 1748->1757 1758 6cc60e19 1748->1758 1759 6cc60e20-6cc60e36 1757->1759 1758->1759 1761 6cc60e50 1759->1761 1762 6cc60e38-6cc60e40 GetLastError 1759->1762 1765 6cc60e52-6cc60e9d call 6cc5833e call 6cc61236 call 6cc78f0e 1761->1765 1763 6cc60e42-6cc60e47 1762->1763 1764 6cc60e4c-6cc60e4e 1762->1764 1763->1764 1764->1765 1774 6cc60eb7 1765->1774 1775 6cc60e9f-6cc60ea7 GetLastError 1765->1775 1778 6cc60eb9-6cc60f5d call 6cc5833e call 6cc61236 call 6cc78f0e call 6cc7e770 call 6cc24fac call 6cc25727 call 6cc6356c 1774->1778 1776 6cc60eb3-6cc60eb5 1775->1776 1777 6cc60ea9-6cc60eae 1775->1777 1776->1778 1777->1776 1794 6cc60f77 1778->1794 1795 6cc60f5f-6cc60f67 GetLastError 1778->1795 1798 6cc60f79-6cc60fb4 call 6cc5833e call 6cc61236 call 6cc78f0e call 6cc2712b 1794->1798 1796 6cc60f73-6cc60f75 1795->1796 1797 6cc60f69-6cc60f6e 1795->1797 1796->1798 1797->1796 1806 6cc60fb9-6cc61001 call 6cc2c5d4 call 6cc78f0e call 6cc5833e call 6cc61236 1798->1806 1806->1726
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6CC60C9B
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,0000029C,6CC5A587,?,6CC1A794,?,025122C8,?,00000000,?,Failed to record current state name), ref: 6CC60CAD
                                                                                                                • GetLastError.KERNEL32(?,Failed to record OSFullBuildNumber), ref: 6CC60CCC
                                                                                                                  • Part of subcall function 6CC61236: __EH_prolog3.LIBCMT ref: 6CC6123D
                                                                                                                • GetNativeSystemInfo.KERNEL32(?), ref: 6CC60D21
                                                                                                                • GetLastError.KERNEL32(?,00000000,?,Failed to record OSFullBuildNumber,000001C5,00000000), ref: 6CC60DB2
                                                                                                                • GetLastError.KERNEL32(?,00000000,?,Failed to record OSAbbr,?,00000000,?,Failed to record OSFullBuildNumber,000001C5,00000000), ref: 6CC60E38
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$H_prolog3$H_prolog3_HandleInfoModuleNativeSystem
                                                                                                                • String ID: Failed to record OSAbbr$Failed to record OSComplete$Failed to record OSFullBuildNumber$Failed to record OsSpLevel$Failed to record SystemLocale$Failed to record WindowsInstallerVersion$GetNativeSystemInfo$kernel32.dll
                                                                                                                • API String ID: 684166175-3561000745
                                                                                                                • Opcode ID: 4249f12fad34caffdc58b41ae2767daa116bfd26a9763f8ddf47fe75ce0aa7f2
                                                                                                                • Instruction ID: cbb9c80a586c1ae0a06cc80bebb5220a5901756e3992a02d70d0be6ecc5b1fdf
                                                                                                                • Opcode Fuzzy Hash: 4249f12fad34caffdc58b41ae2767daa116bfd26a9763f8ddf47fe75ce0aa7f2
                                                                                                                • Instruction Fuzzy Hash: 0BA1B631A005599FDB20DBA5CE48BC9B7B9AF4530DF1045D4E104F7A80EB74EA898B65
                                                                                                                Function 640F6525 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 199comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 640F652C
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640EE93B: __EH_prolog3.LIBCMT ref: 640EE942
                                                                                                                • CoInitialize.OLE32(00000000), ref: 640F6596
                                                                                                                  • Part of subcall function 640F697A: __EH_prolog3.LIBCMT ref: 640F6981
                                                                                                                  • Part of subcall function 640F697A: CoCreateInstance.OLE32(640D7980,00000000,00000017,640D7970,?,?,00000068,640F65A6,?,?,?,?,640F2A30,?,00000000,?), ref: 640F69AC
                                                                                                                • CoCreateInstance.OLE32(640D7930,00000000,00000017,640D7970,00000001,?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?), ref: 640F65BE
                                                                                                                • CoUninitialize.OLE32(00000001,?,00000000,00000000,?,?,succeeded,?,?,?,640F2A30,?,00000000,?,00000000,00000000), ref: 640F66DE
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640F6773
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CreateInstance$Exception@8H_prolog3_catchInitializeThrowUninitialize
                                                                                                                • String ID: exiting function/method$Entering Function$IronMan::UiDataT<class IronMan::CCmdLineSwitches>::CreateUiDataT$UIInfo.xml$Xml Document load failure$succeeded$threw exception
                                                                                                                • API String ID: 4239111664-3845428783
                                                                                                                • Opcode ID: 43dab5f3a0ea35c59595994769f92796590e1b15c25146a6546dec13ac35ffca
                                                                                                                • Instruction ID: 4938e1ed2ecdefb64c4efe6e537c1fa487cbf0e835192a5ecbd5023bc5c22cfe
                                                                                                                • Opcode Fuzzy Hash: 43dab5f3a0ea35c59595994769f92796590e1b15c25146a6546dec13ac35ffca
                                                                                                                • Instruction Fuzzy Hash: 4F813E71900268EFDB01DFE8CC44BDEBBB8AF49318F148459E958EB251CB35DA06CB61
                                                                                                                Function 6CC576A7 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 99libraryloaderthreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC576AE
                                                                                                                  • Part of subcall function 6CC7C0AA: _malloc.LIBCMT ref: 6CC7C0C4
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000020,6CC5F845,?), ref: 6CC57748
                                                                                                                • GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 6CC57758
                                                                                                                • SetThreadStackGuarantee.KERNEL32(00020000), ref: 6CC5776D
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(6CC6416A), ref: 6CC57774
                                                                                                                • GetCommandLineW.KERNEL32 ref: 6CC5777A
                                                                                                                  • Part of subcall function 6CC27C6E: __EH_prolog3.LIBCMT ref: 6CC27C75
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$AddressCommandExceptionFilterGuaranteeHandleLineModuleProcStackThreadUnhandled_malloc
                                                                                                                • String ID: SetThreadStackGuarantee$kernel32.dll$passive
                                                                                                                • API String ID: 4088884676-825548933
                                                                                                                • Opcode ID: b856ec3da49ae4472d2e39b0967f4015fa363ec98f7ff2e271999f6273699406
                                                                                                                • Instruction ID: 9353ee14ff552fb167a052a6b0b9f02dcec46def75567da7c7c63fe5e132eba8
                                                                                                                • Opcode Fuzzy Hash: b856ec3da49ae4472d2e39b0967f4015fa363ec98f7ff2e271999f6273699406
                                                                                                                • Instruction Fuzzy Hash: EF41CEB1905340CFDB11CFBAC584A9ABBF0BB15348FA0886ED049DBF01E7349288DB65
                                                                                                                Function 6CC57B40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 95timethreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6CC57B4A
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • GetCommandLineW.KERNEL32 ref: 6CC57BB4
                                                                                                                • _memset.LIBCMT ref: 6CC57BF4
                                                                                                                • GetTimeZoneInformation.KERNEL32(?), ref: 6CC57C03
                                                                                                                • GetThreadLocale.KERNEL32(00000007,?), ref: 6CC57C3F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CommandH_prolog3H_prolog3_InformationLineLocaleThreadTimeZone_memset
                                                                                                                • String ID: CommandLine = %s$Environment details$Initial LCID = %u$TimeZone = %s
                                                                                                                • API String ID: 1050886296-4009495903
                                                                                                                • Opcode ID: b309abf9d3fc1bada564754de19fca3dc26f0c182273256c46a94b0315121b7c
                                                                                                                • Instruction ID: 357ab3ae47eaae7dd069f51ebd14c2a913e86f0fbfe340a8e113bf8c1f6442de
                                                                                                                • Opcode Fuzzy Hash: b309abf9d3fc1bada564754de19fca3dc26f0c182273256c46a94b0315121b7c
                                                                                                                • Instruction Fuzzy Hash: 7B313B71901218DBDB20DBA9CC49FCDBBB8BF05308F1445DAE149E7A91EB34DA58CB61
                                                                                                                Function 6CC35B82 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 93fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6CC35B8C
                                                                                                                • _memset.LIBCMT ref: 6CC35BBB
                                                                                                                  • Part of subcall function 6CC58E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6CC699FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6CC58E6E
                                                                                                                • FindFirstFileW.KERNEL32(?,?,????), ref: 6CC35BDA
                                                                                                                • FindNextFileW.KERNELBASE(?,?), ref: 6CC35CA8
                                                                                                                • FindClose.KERNEL32(?), ref: 6CC35CC1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$AppendCloseFirstH_prolog3_NextPath_memset
                                                                                                                • String ID: ????
                                                                                                                • API String ID: 2365859831-1216582215
                                                                                                                • Opcode ID: d26d032224ed506569d7f9a3d4ffb2559ba445d8acbba936c88dc24816affd21
                                                                                                                • Instruction ID: a988bd7d78b67932067c10e86afee85c87f66cb2efda982bf225024d523b5b83
                                                                                                                • Opcode Fuzzy Hash: d26d032224ed506569d7f9a3d4ffb2559ba445d8acbba936c88dc24816affd21
                                                                                                                • Instruction Fuzzy Hash: 5231D4719056299BDB20AF64DC88BDE77B8AF0435DF104696F449E6690EB35CA88CB20
                                                                                                                Function 6CC6B390 Relevance: 50.5, APIs: 12, Strings: 16, Instructions: 1496threadCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 6cc6b390-6cc6b4a9 call 6cc86e52 call 6cc6d446 call 6cc6d713 call 6cc5833e call 6cc6988c call 6cc54e70 call 6cc78f0e call 6cc5833e call 6cc6988c call 6cc78eab call 6cc2a8cc call 6cc5833e call 6cc55033 call 6cc78f0e call 6cc551c0 SysFreeString call 6cc78f0e call 6cc6d01e call 6cc359b8 call 6cc36083 39 6cc6b514-6cc6b54d call 6cc35e2b GetCommandLineW call 6cc23e77 call 6cc69293 0->39 40 6cc6b4ab-6cc6b50f call 6cc5833e * 2 call 6cc2838a call 6cc78f0e * 2 call 6cc2a378 call 6cc814aa 0->40 54 6cc6b555-6cc6b5ac call 6cc5833e call 6cc6988c call 6cc44718 call 6cc78f0e call 6cc5833e 39->54 55 6cc6b54f 39->55 40->39 72 6cc6b5b4-6cc6b614 call 6cc584b9 call 6cc78f0e * 2 54->72 73 6cc6b5ae 54->73 55->54 81 6cc6b616-6cc6b620 call 6cc44a3f 72->81 82 6cc6b630-6cc6b75a call 6cc42d50 call 6cc42d73 call 6cc23a16 GetThreadLocale call 6cc241d6 call 6cc57889 call 6cc57db0 call 6cc57c9e call 6cc57e78 call 6cc243c4 call 6cc25e41 72->82 73->72 85 6cc6b625-6cc6b627 81->85 106 6cc6b75c-6cc6b762 82->106 107 6cc6b768-6cc6b785 call 6cc58f73 82->107 85->82 87 6cc6b629 85->87 87->82 106->107 108 6cc6b883-6cc6b887 106->108 119 6cc6b787-6cc6b7a6 call 6cc78eab 107->119 120 6cc6b7a8-6cc6b7c2 call 6cc5833e 107->120 110 6cc6b893-6cc6b89c call 6cc553e5 108->110 111 6cc6b889-6cc6b88d 108->111 117 6cc6b8a1-6cc6b8a3 110->117 111->110 113 6cc6b956-6cc6b9a8 call 6cc56dcb call 6cc42d2f call 6cc24272 111->113 136 6cc6b9c3-6cc6b9c5 113->136 137 6cc6b9aa-6cc6b9b8 call 6cc242b6 113->137 117->113 121 6cc6b8a9-6cc6b953 call 6cc6cb31 call 6cc5833e call 6cc6ce5c call 6cc78f0e * 2 call 6cc55a5a call 6cc443ed call 6cc241a9 call 6cc35b32 call 6cc6d6d1 call 6cc86f06 117->121 130 6cc6b7c9-6cc6b7f7 call 6cc42d50 call 6cc575b5 call 6cc78f0e 119->130 120->130 156 6cc6b80b-6cc6b813 130->156 157 6cc6b7f9-6cc6b806 call 6cc78f0e 130->157 143 6cc6b9c6-6cc6ba05 call 6cc46e46 call 6cc78f0e call 640ee1ad 136->143 137->136 150 6cc6b9ba-6cc6b9bd 137->150 167 6cc6ba07-6cc6ba27 call 6cc6cb31 143->167 168 6cc6ba7c-6cc6bab6 call 6cc42d50 call 6cc78f0e 143->168 150->136 155 6cc6b9bf-6cc6b9c1 150->155 155->143 162 6cc6b815-6cc6b81b call 6cc78f0e 156->162 163 6cc6b820-6cc6b84b call 6cc58e8b 156->163 157->156 162->163 184 6cc6b850-6cc6b852 163->184 179 6cc6ba2c-6cc6ba75 call 6cc5833e call 6cc6ce5c call 6cc46f61 call 6cc5be94 call 6cc78f0e * 2 167->179 196 6cc6bae1-6cc6bb00 call 6cc2be2b 168->196 197 6cc6bab8-6cc6badc call 6cc6cb31 168->197 179->168 187 6cc6b854-6cc6b859 call 6cc57a1c 184->187 188 6cc6b85e-6cc6b87e call 6cc78f0e * 3 184->188 187->188 188->108 210 6cc6bb06-6cc6bb0d 196->210 211 6cc6bbd0-6cc6bc04 call 6cc42d50 call 6cc78f0e 196->211 197->179 210->211 215 6cc6bb13-6cc6bb1d call 6cc7c0aa 210->215 228 6cc6bb2c-6cc6bb74 call 6cc42d50 call 6cc6cec8 call 6cc78f0e 211->228 231 6cc6bc0a-6cc6bc48 call 6cc6cb31 call 6cc5833e call 6cc6ce5c 211->231 224 6cc6bb23-6cc6bb29 215->224 225 6cc6bbc8-6cc6bbcb 215->225 224->228 225->228 242 6cc6bb7a-6cc6bbc0 call 6cc46f61 call 6cc5be94 call 6cc78f0e * 2 228->242 243 6cc6bc5b-6cc6bc68 call 6cc24272 228->243 248 6cc6bc4b-6cc6bc56 231->248 242->225 249 6cc6bc7f-6cc6bccc call 6cc6cb31 call 6cc5833e call 6cc6ce5c 243->249 250 6cc6bc6a-6cc6bc78 call 6cc242b6 243->250 248->243 275 6cc6bcce-6cc6bcda 249->275 250->249 259 6cc6bc7a-6cc6bc7d 250->259 259->249 261 6cc6bcdf-6cc6bd02 call 6cc5833e call 6cc24552 259->261 276 6cc6bd04-6cc6bd6d call 6cc6cb31 call 6cc5833e call 6cc6ce5c call 6cc78f0e 261->276 277 6cc6bd72-6cc6bdcb call 6cc42d50 call 6cc5586d call 6cc78f0e call 6cc5594b 261->277 275->248 276->275 295 6cc6bdd1-6cc6bdd6 277->295 296 6cc6beed-6cc6bf26 call 6cc42d50 call 6cc78f0e 277->296 299 6cc6bddc-6cc6be85 call 6cc5833e call 6cc5ae4a call 6cc2420c call 6cc57a92 CloseHandle call 6cc78f0e * 2 call 6cc46f61 call 6cc5be94 call 6cc78f0e * 2 295->299 300 6cc6be8d-6cc6bee8 call 6cc6cb31 call 6cc5833e call 6cc6ce5c CloseHandle call 6cc78f0e 295->300 318 6cc6bf9b-6cc6c011 call 6cc42d50 call 6cc48fce call 6cc24486 call 6cc78f0e 296->318 319 6cc6bf28-6cc6bf91 CloseHandle call 6cc78f0e * 2 call 6cc46f61 call 6cc5be94 call 6cc78f0e * 2 296->319 299->300 300->296 345 6cc6c017-6cc6c01b 318->345 346 6cc6c100-6cc6c16c call 6cc24486 call 6cc5833e call 6cc78f0e 318->346 319->318 348 6cc6c023-6cc6c030 call 6cc2420c 345->348 349 6cc6c01d-6cc6c021 345->349 387 6cc6c16e-6cc6c178 call 6cc78d3a 346->387 388 6cc6c17b-6cc6c233 GetTempPathW call 6cc78afc call 6cc42d73 call 6cc42d50 call 6cc58c7a call 6cc58c24 call 6cc5ff21 call 6cc78f0e * 4 CreateDirectoryW 346->388 348->346 354 6cc6c036-6cc6c03d call 6cc49048 348->354 349->348 349->354 365 6cc6c042-6cc6c04c 354->365 375 6cc6c053-6cc6c060 365->375 376 6cc6c04e-6cc6c051 365->376 377 6cc6c0a4-6cc6c0e5 call 6cc2420c call 6cc57a92 call 6cc78f0e 375->377 383 6cc6c062-6cc6c06b 375->383 376->377 395 6cc6c0ea-6cc6c0f3 377->395 394 6cc6c06d-6cc6c09d call 6cc5833e call 6cc5b057 call 6cc78f0e 383->394 383->395 387->388 427 6cc6c235-6cc6c240 GetLastError 388->427 428 6cc6c25c-6cc6c275 call 6cc5833e call 6cc584b9 388->428 394->377 395->346 406 6cc6c0f5-6cc6c0fb call 6cc6d713 395->406 406->346 427->428 429 6cc6c242-6cc6c25a call 6cc25d3f call 6cc584b9 427->429 438 6cc6c278-6cc6c3ec call 6cc78f0e * 2 call 6cc6d779 call 6cc6e449 call 6cc259a2 call 6cc51494 call 6cc25d3f call 6cc78eab call 6cc24486 428->438 429->438 458 6cc6c3f4-6cc6c4e1 call 6cc259a2 call 6cc78f0e call 6cc24460 call 6cc476bb call 6cc78f0e call 6cc24460 call 6cc476bb call 6cc78f0e call 6cc24460 call 6cc78f0e 438->458 459 6cc6c3ee 438->459 480 6cc6c4f5-6cc6c52f call 6cc47053 458->480 481 6cc6c4e3-6cc6c4f2 458->481 459->458 485 6cc6c627-6cc6c670 480->485 486 6cc6c535-6cc6c622 call 6cc6cb31 call 6cc5833e call 6cc6ce5c call 6cc47148 call 6cc47773 * 2 call 6cc47292 call 6cc78f0e * 2 call 6cc47292 call 6cc6e49e call 6cc6d985 call 6cc78f0e * 2 480->486 481->480 497 6cc6c674-6cc6c6a5 485->497 486->485 508 6cc6c6a7-6cc6c6c0 497->508 509 6cc6c6cc-6cc6c6e8 call 6cc2420c 497->509 508->509 515 6cc6c6c2-6cc6c6c9 508->515 520 6cc6c713-6cc6c740 call 6cc57a92 call 6cc42d50 509->520 521 6cc6c6ea-6cc6c6f8 509->521 515->509 535 6cc6c755-6cc6c8ec call 6cc78f0e call 6cc47148 call 6cc47773 * 2 call 6cc47292 call 6cc78f0e * 2 call 6cc47292 call 6cc6e49e call 6cc6d985 call 6cc78f0e * 3 CloseHandle call 6cc78f0e * 2 call 6cc46f61 call 6cc5be94 call 6cc78f0e * 2 call 6cc55a5a call 6cc443ed call 6cc241a9 call 6cc35b32 call 6cc6d6d1 520->535 536 6cc6c742-6cc6c750 call 6cc763d7 520->536 524 6cc6c6ff-6cc6c70d 521->524 525 6cc6c6fa-6cc6c6fd 521->525 524->520 525->520 525->524 536->535
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 6CC6B39A
                                                                                                                  • Part of subcall function 6CC6D446: __EH_prolog3_catch.LIBCMT ref: 6CC6D44D
                                                                                                                  • Part of subcall function 6CC6D446: GetCommandLineW.KERNEL32(0000006C,6CC6B3B6,?,00000738,6CC5FA6E,?,6CC1A794,025122C8), ref: 6CC6D48E
                                                                                                                  • Part of subcall function 6CC6D446: CoInitialize.OLE32(00000000), ref: 6CC6D4EF
                                                                                                                  • Part of subcall function 6CC6D713: CreateThread.KERNEL32(00000000,00000000,6CC723E8,?,00000000,00000000), ref: 6CC6D729
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC6988C: __EH_prolog3.LIBCMT ref: 6CC69893
                                                                                                                  • Part of subcall function 6CC6988C: GetCommandLineW.KERNEL32(0000002C,6CC6D52A,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC698B4
                                                                                                                  • Part of subcall function 6CC6988C: PathIsRelativeW.SHLWAPI(?,?,?,00000000,?,UiInfo.xml,?,?,00000000,?), ref: 6CC6996E
                                                                                                                  • Part of subcall function 6CC54E70: __EH_prolog3.LIBCMT ref: 6CC54E77
                                                                                                                  • Part of subcall function 6CC54E70: __CxxThrowException@8.LIBCMT ref: 6CC54F68
                                                                                                                  • Part of subcall function 6CC54E70: ReadFile.KERNEL32(?,?,00000002,?,00000000,?,80000000,00000001,00000003,00000080,00000000,?,?,?,?,0000002C), ref: 6CC54F7E
                                                                                                                  • Part of subcall function 6CC54E70: CloseHandle.KERNEL32(?), ref: 6CC54FA1
                                                                                                                  • Part of subcall function 6CC2A8CC: __EH_prolog3.LIBCMT ref: 6CC2A8D3
                                                                                                                  • Part of subcall function 6CC2A8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A90B
                                                                                                                  • Part of subcall function 6CC2A8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A964
                                                                                                                  • Part of subcall function 6CC2A8CC: __CxxThrowException@8.LIBCMT ref: 6CC2AA28
                                                                                                                  • Part of subcall function 6CC55033: __EH_prolog3.LIBCMT ref: 6CC5503A
                                                                                                                  • Part of subcall function 6CC55033: __CxxThrowException@8.LIBCMT ref: 6CC550B6
                                                                                                                  • Part of subcall function 6CC551C0: __EH_prolog3_catch.LIBCMT ref: 6CC551C7
                                                                                                                  • Part of subcall function 6CC551C0: CoInitialize.OLE32(00000000), ref: 6CC551DC
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC6B471
                                                                                                                  • Part of subcall function 6CC6D01E: __EH_prolog3.LIBCMT ref: 6CC6D025
                                                                                                                  • Part of subcall function 6CC6D01E: PathFileExistsW.SHLWAPI(?,6CC161FC,graphics,?,00000054,6CC6B48A,?,?,?,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml), ref: 6CC6D0BE
                                                                                                                  • Part of subcall function 6CC359B8: __EH_prolog3.LIBCMT ref: 6CC359BF
                                                                                                                  • Part of subcall function 6CC36083: __EH_prolog3_catch.LIBCMT ref: 6CC3608A
                                                                                                                • GetCommandLineW.KERNEL32(?,?,?,?,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml,?,?,00000738,6CC5FA6E,?), ref: 6CC6B51F
                                                                                                                  • Part of subcall function 6CC2838A: __EH_prolog3.LIBCMT ref: 6CC28391
                                                                                                                  • Part of subcall function 6CC2A378: __EH_prolog3.LIBCMT ref: 6CC2A37F
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC6B50F
                                                                                                                  • Part of subcall function 6CC814AA: KiUserExceptionDispatcher.NTDLL(?,?,6CC7C129,00000C00,?,?,?,?,6CC7C129,00000C00,6CC9BA3C,6CCB76D4,00000C00,00000020,6CC5F845,?), ref: 6CC814EC
                                                                                                                  • Part of subcall function 6CC23A16: __EH_prolog3.LIBCMT ref: 6CC23A1D
                                                                                                                • GetThreadLocale.KERNEL32(?,passive,00000000), ref: 6CC6B6C8
                                                                                                                  • Part of subcall function 6CC57889: __EH_prolog3.LIBCMT ref: 6CC57890
                                                                                                                  • Part of subcall function 6CC57DB0: __EH_prolog3.LIBCMT ref: 6CC57DB7
                                                                                                                  • Part of subcall function 6CC57C9E: __EH_prolog3.LIBCMT ref: 6CC57CA5
                                                                                                                  • Part of subcall function 6CC57E78: __EH_prolog3.LIBCMT ref: 6CC57E7F
                                                                                                                  • Part of subcall function 6CC243C4: __EH_prolog3.LIBCMT ref: 6CC243CB
                                                                                                                  • Part of subcall function 6CC25E41: __EH_prolog3.LIBCMT ref: 6CC25E48
                                                                                                                  • Part of subcall function 6CC25E41: PathFindFileNameW.SHLWAPI(?,?,?,0000000C,6CC25E13,?,6CC5831D,?,0000000C,6CC27D3D,?,00000000,?,?,6CC1AB18,00000008), ref: 6CC25E83
                                                                                                                  • Part of subcall function 6CC25E41: PathFindExtensionW.SHLWAPI(?), ref: 6CC25EA0
                                                                                                                  • Part of subcall function 6CC56DCB: GetCommandLineW.KERNEL32(9B5DCFA9,?,?,00000000,?,?,?,?,?,ParameterInfo.xml,?,?,?,00000000,?,?), ref: 6CC56E16
                                                                                                                  • Part of subcall function 6CC5594B: __EH_prolog3.LIBCMT ref: 6CC55952
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,OneInstance,?,00000000,?,ParameterInfo.xml,?,?,00000738,6CC5FA6E,?,6CC1A794,025122C8), ref: 6CC6BED4
                                                                                                                  • Part of subcall function 6CC5AE4A: __EH_prolog3.LIBCMT ref: 6CC5AE51
                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,?,00000001,00000007,?,OneInstance,?,?,00000000,?,?,?,?,?), ref: 6CC6BE22
                                                                                                                  • Part of subcall function 6CC46F61: __EH_prolog3.LIBCMT ref: 6CC46F68
                                                                                                                  • Part of subcall function 6CC5BE94: _free.LIBCMT ref: 6CC5BEBC
                                                                                                                  • Part of subcall function 6CC5BE94: _free.LIBCMT ref: 6CC5BECD
                                                                                                                • CloseHandle.KERNEL32(?), ref: 6CC6BF2E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Path$CloseCommandException@8FileH_prolog3_catchHandleLineThrow$FindInitializeNameRelativeThread_free$CreateDispatcherExceptionExistsExtensionFreeLocaleModuleReadStringUser
                                                                                                                • String ID: !$#(loc.ids_wer_message)$%TEMP%\$Blocker$Command-line option error: $CreateFilesInUser$CreateHelpUsage$CreateUiMode$FactoryInitialization$InvalidArguments$OneInstance$PISemanticChecker$ParameterInfo.xml$Parameterinfo.xml or UiInfo.xml has a #Loc that is not defined in LocalizeData.xml $W$passive
                                                                                                                • API String ID: 5912831-280204926
                                                                                                                • Opcode ID: 38ade546f62bab33e5be5ae6f62420278c418322deedd4b49795a953f31bf1a4
                                                                                                                • Instruction ID: a1013801287d5d4238d058a1d1fa7f8d6733bd20800a557527bc5259ba791127
                                                                                                                • Opcode Fuzzy Hash: 38ade546f62bab33e5be5ae6f62420278c418322deedd4b49795a953f31bf1a4
                                                                                                                • Instruction Fuzzy Hash: 3EE24B71D00258DFCF21DBA8C984BDDBBB4AF05318F148199E518B7B91EB349A89CF61
                                                                                                                Function 640F697A Relevance: 49.5, APIs: 16, Strings: 12, Instructions: 457comCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 594 640f697a-640f69b6 call 6410265b call 640e1e75 CoCreateInstance 599 640f69b8-640f6a10 call 640dc98c call 640db93e call 640f8460 call 640db93e 594->599 600 640f6a36-640f6a87 call 640ee8e8 call 640f50fb PathIsRelativeW 594->600 614 640f6a18-640f6a33 call 640f8460 * 2 call 64102709 599->614 615 640f6a12-640f6a14 599->615 620 640f6a89 600->620 621 640f6a94-640f6ac5 call 640f83fd call 640ef21d PathFileExistsW * 2 600->621 615->614 625 640f6a92 620->625 634 640f6ac7-640f6acd call 640eea8d 621->634 635 640f6ad2-640f6ad9 call 640f8460 621->635 628 640f6ade-640f6b23 call 640f7cdc call 640db93e 625->628 641 640f6b29-640f6b2e 628->641 642 640f6df0-640f6ed5 call 640ee8e8 * 2 call 640f80ba call 640f8460 * 2 call 640ee8e8 628->642 634->635 635->628 641->642 643 640f6b34-640f6b56 CoCreateInstance 641->643 645 640f6b58-640f6bb1 call 640dc98c call 640db93e call 640f8460 call 640db93e 643->645 646 640f6bd3-640f6bf0 call 640ee8e8 PathIsRelativeW 643->646 673 640f6bb9-640f6bce VariantClear call 640f8460 645->673 674 640f6bb3-640f6bb5 645->674 652 640f6bfd-640f6c2e call 640f83fd call 640ef21d PathFileExistsW * 2 646->652 653 640f6bf2-640f6bfb 646->653 670 640f6c3b-640f6c42 call 640f8460 652->670 671 640f6c30-640f6c36 call 640eea8d 652->671 662 640f6c47-640f6c80 call 640db93e call 640f7cdc 653->662 683 640f6c84-640f6c96 VariantClear 662->683 670->662 671->670 673->646 674->673 685 640f6c98-640f6cab call 640fdbdb 683->685 686 640f6cb0-640f6cbf 683->686 685->686 689 640f6cc7-640f6d19 VariantClear 686->689 690 640f6cc1-640f6cc3 686->690 701 640f6d1f-640f6db0 call 640ee8e8 call 640f80ba call 640f8460 call 640ee8e8 call 640dca39 689->701 702 640f6db8-640f6dc1 689->702 690->689 701->702 703 640f6dc9-640f6ddd call 640f8460 702->703 704 640f6dc3-640f6dc5 702->704 712 640f6ddf-640f6de1 703->712 713 640f6de5-640f6de9 VariantClear 703->713 704->703 712->713 713->642
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F6981
                                                                                                                  • Part of subcall function 640E1E75: __EH_prolog3.LIBCMT ref: 640E1E7C
                                                                                                                  • Part of subcall function 640E1E75: GetThreadLocale.KERNEL32(?,00000004,640E6734,0000004C,0000004C,640E7142,?,00000000), ref: 640E1E8E
                                                                                                                • CoCreateInstance.OLE32(640D7980,00000000,00000017,640D7970,?,?,00000068,640F65A6,?,?,?,?,640F2A30,?,00000000,?), ref: 640F69AC
                                                                                                                • PathIsRelativeW.SHLWAPI(?,?,?,?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000), ref: 640F6A7F
                                                                                                                • PathFileExistsW.KERNELBASE(?,?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271), ref: 640F6A8C
                                                                                                                • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008), ref: 640F6ABE
                                                                                                                • PathFileExistsW.SHLWAPI(?,?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271), ref: 640F6AC1
                                                                                                                • CoCreateInstance.OLE32(640D7990,00000000,00000017,640D79A0,?), ref: 640F6B4C
                                                                                                                  • Part of subcall function 640DC98C: GetThreadLocale.KERNEL32 ref: 640DC999
                                                                                                                  • Part of subcall function 640DB93E: __EH_prolog3.LIBCMT ref: 640DB945
                                                                                                                  • Part of subcall function 640EF21D: PathAppendW.SHLWAPI(00000000,00000000,?,00000105,?,?,80070057,80070057,640DC3AE), ref: 640EF241
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640F6BBD
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • PathIsRelativeW.SHLWAPI(?,?), ref: 640F6BE8
                                                                                                                • PathFileExistsW.SHLWAPI(?), ref: 640F6BF5
                                                                                                                • PathFileExistsW.KERNELBASE(?,?), ref: 640F6C27
                                                                                                                • PathFileExistsW.KERNELBASE(?), ref: 640F6C2A
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640F6C8E
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640F6CAB
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640F6CED
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640F6DE9
                                                                                                                  • Part of subcall function 640DCA39: __EH_prolog3.LIBCMT ref: 640DCA40
                                                                                                                Strings
                                                                                                                • Stopping XML schema validation of UI information and continuing, xrefs: 640F69FA, 640F6B9A
                                                                                                                • SetupUi.xsd, xrefs: 640F6BD7
                                                                                                                • CoCreateInstance of DOMDocument60 failed with hr = 0x%x (%s), xrefs: 640F69DC
                                                                                                                • Validation FAILED Err on line: %d @column: %dReason:%s SrcText:%s, xrefs: 640F6E8B
                                                                                                                • ^t, xrefs: 640F6A8C, 640F6BF5
                                                                                                                • CoCreateInstance of XMLSchemaCache60 failed with hr = 0x%x (%s), xrefs: 640F6B7C
                                                                                                                • Loading file - %s, xrefs: 640F6AF3
                                                                                                                • UiInfo.xml, xrefs: 640F6A65
                                                                                                                • Add to schema collection schema file - %s, xrefs: 640F6C4D
                                                                                                                • http://schemas.microsoft.com/SetupUI/2008/01/imui, xrefs: 640F6C7A
                                                                                                                • UIInfo.xml, xrefs: 640F6D8C, 640F6EC3
                                                                                                                • Validation FAILED Reason:%s, xrefs: 640F6D5F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Path$ExistsFile$H_prolog3$ClearVariant$CreateInstanceLocaleRelativeThread$AppendException@8Throw
                                                                                                                • String ID: Validation FAILED Reason:%s$Validation FAILED Err on line: %d @column: %dReason:%s SrcText:%s$Add to schema collection schema file - %s$CoCreateInstance of DOMDocument60 failed with hr = 0x%x (%s)$CoCreateInstance of XMLSchemaCache60 failed with hr = 0x%x (%s)$Loading file - %s$SetupUi.xsd$Stopping XML schema validation of UI information and continuing$UIInfo.xml$UiInfo.xml$http://schemas.microsoft.com/SetupUI/2008/01/imui$^t
                                                                                                                • API String ID: 3881019808-4193238603
                                                                                                                • Opcode ID: 2f68e0735a0bc43764d4b2618bb8ae2377d1e1b17da52052d515ef725d621701
                                                                                                                • Instruction ID: 8593830897b113e01bdd97f6e3470a31f9bba923ef2bce8168c35e4a5243c6d4
                                                                                                                • Opcode Fuzzy Hash: 2f68e0735a0bc43764d4b2618bb8ae2377d1e1b17da52052d515ef725d621701
                                                                                                                • Instruction Fuzzy Hash: 78022A71D00259EFDF00DFE8C944BDDBBB5AF09318F148568E914BB251DB35AA0ACB61
                                                                                                                Function 640E2B11 Relevance: 40.7, APIs: 11, Strings: 12, Instructions: 447COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 725 640e2b11-640e2ba8 call 6410265b call 640ee8e8 call 640dd65f call 640f8460 call 640ee8e8 call 640dd65f call 640dd76f call 640ee8e8 call 640f8460 744 640e2baa-640e2bac 725->744 745 640e2bb0-640e2c18 call 640f8460 call 640ee8e8 call 640dd65f call 640dd76f call 640ee8e8 call 640f8460 725->745 744->745 758 640e2c1a-640e2c1c 745->758 759 640e2c20-640e2c9b call 640f8460 call 640ee8e8 call 640dd65f call 640f8460 call 640ee8e8 call 640dd6c4 call 640dd76f 745->759 758->759 774 640e2c9d-640e2c9f 759->774 775 640e2ca3-640e2cde call 640f8460 759->775 774->775 778 640e2ce1-640e2d22 call 640ee8e8 call 640dd6c4 call 640dd76f 775->778 785 640e2d2a-640e2d46 call 640f8460 call 640f8199 778->785 786 640e2d24-640e2d26 778->786 791 640e2d4b-640e2d86 call 640ee8e8 call 640ef5fd call 640f8460 * 2 785->791 792 640e2d48 785->792 786->785 791->778 801 640e2d8c-640e2da4 call 640e1e75 PathIsRelativeW 791->801 792->791 804 640e2dbb-640e2df4 call 640f83fd call 640ef21d * 2 PathFileExistsW 801->804 805 640e2da6-640e2db6 PathFileExistsW 801->805 831 640e2e0e-640e2e13 PathFileExistsW 804->831 832 640e2df6-640e2e0b call 640eea8d call 640ef21d 804->832 807 640e2e5a-640e2e5c 805->807 809 640e2e5e-640e2ebb call 640dc9bb call 640dcb96 call 640f8460 call 640dd1b4 call 640fdbdb 807->809 810 640e2e2c-640e2e37 PathIsRelativeW 807->810 812 640e2ec0-640e2ef3 call 640f83fd call 640ef21d * 2 PathFileExistsW 809->812 811 640e2e3d-640e2e47 PathFileExistsW 810->811 810->812 815 640e2f92-640e2f94 811->815 851 640e2f0d-640e2f12 PathFileExistsW 812->851 852 640e2ef5-640e2f0a call 640eea8d call 640ef21d 812->852 822 640e2f96-640e2fef call 640dc9bb call 640dcb96 call 640f8460 call 640dd1b4 815->822 823 640e2f27-640e2f71 call 640f83fd * 2 815->823 889 640e2ff7-640e2ffa 822->889 849 640e3028-640e305a call 640f8460 * 2 call 640ef5a3 call 640f8460 823->849 850 640e2f77-640e2f82 823->850 838 640e2e4c-640e2e58 call 640f8460 831->838 839 640e2e15-640e2e27 call 640eea8d call 640f8460 831->839 832->831 838->807 839->810 892 640e305c-640e305e 849->892 893 640e3062-640e3081 call 640f8460 * 2 849->893 858 640e2ffc-640e2fff 850->858 861 640e2f84-640e2f90 call 640f8460 851->861 862 640e2f14-640e2f22 call 640eea8d call 640f8460 851->862 852->851 870 640e3005-640e300b 858->870 871 640e3093-640e30ab RaiseException 858->871 861->815 862->823 870->871 878 640e3011-640e3026 call 640ef5fd 870->878 878->849 878->889 889->858 892->893 898 640e3089-640e3090 call 64102709 893->898 899 640e3083-640e3085 893->899 899->898
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E2B1B
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640DD76F: __EH_prolog3.LIBCMT ref: 640DD776
                                                                                                                  • Part of subcall function 640DD76F: SysFreeString.OLEAUT32(00000000), ref: 640DD7CA
                                                                                                                • PathIsRelativeW.SHLWAPI(?,00000001,?,000000FF,?,?,?,?,00000001,?,?,?,000000FF,00000088,640F6F88,?), ref: 640E2D9C
                                                                                                                • PathFileExistsW.SHLWAPI(?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271,00000000), ref: 640E2DAF
                                                                                                                • PathFileExistsW.KERNELBASE(00000005,?,?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008), ref: 640E2DF0
                                                                                                                • PathFileExistsW.KERNELBASE(00000005,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271,00000000), ref: 640E2E0F
                                                                                                                • PathIsRelativeW.SHLWAPI(00000001,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271,00000000), ref: 640E2E2F
                                                                                                                • PathFileExistsW.SHLWAPI(00000001,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271,00000000), ref: 640E2E40
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640E2EBB
                                                                                                                • PathFileExistsW.KERNELBASE(00000005,00000001,?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008), ref: 640E2EEF
                                                                                                                  • Part of subcall function 640EF21D: PathAppendW.SHLWAPI(00000000,00000000,?,00000105,?,?,80070057,80070057,640DC3AE), ref: 640EF241
                                                                                                                • PathFileExistsW.KERNELBASE(00000005,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271,00000000), ref: 640E2F0E
                                                                                                                  • Part of subcall function 640F83FD: _memcpy_s.LIBCMT ref: 640F844E
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000), ref: 640E309C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Path$ExistsFile$H_prolog3$Relative$AppendExceptionException@8FreeRaiseStringThrow_memcpy_s
                                                                                                                • String ID: %$Caption$CreateLayout$Default$HeaderImage$Install$Repair$Uninstall$UninstallPatch$Watermark$WizardImages$^t
                                                                                                                • API String ID: 2164894574-3421846303
                                                                                                                • Opcode ID: 8cef7e478d04d9a19dc7f08a07d335b8f903438c0d5170eff6c97378a417756b
                                                                                                                • Instruction ID: 9b931da0f90b78d6782b970bfee3183865e1af81c81c15d82d6cd1443e0e7c02
                                                                                                                • Opcode Fuzzy Hash: 8cef7e478d04d9a19dc7f08a07d335b8f903438c0d5170eff6c97378a417756b
                                                                                                                • Instruction Fuzzy Hash: 6F121F7290026DEFEF00DFE8C944BDDBBB8AF05318F148155E814AB291DB74EA19DB61
                                                                                                                Function 6CC609E3 Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 228registryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 902 6cc609e3-6cc60a25 call 6cc86e8d call 6cc25727 908 6cc60a27-6cc60a2f GetLastError 902->908 909 6cc60a3f 902->909 910 6cc60a31-6cc60a36 908->910 911 6cc60a3b-6cc60a3d 908->911 912 6cc60a41-6cc60a80 call 6cc5833e call 6cc61236 call 6cc78f0e 909->912 910->911 911->912 920 6cc60a82-6cc60a8a GetLastError 912->920 921 6cc60a9a 912->921 923 6cc60a96-6cc60a98 920->923 924 6cc60a8c-6cc60a91 920->924 922 6cc60a9c-6cc60ae9 call 6cc5833e call 6cc61236 call 6cc78f0e RegOpenKeyExW 921->922 931 6cc60bc2-6cc60bd9 call 6cc7e770 922->931 932 6cc60aef-6cc60b14 RegQueryValueExW 922->932 923->922 924->923 940 6cc60bdc-6cc60be1 931->940 933 6cc60b16-6cc60b34 RegQueryValueExW 932->933 934 6cc60b52-6cc60b5f RegCloseKey 932->934 933->934 936 6cc60b36-6cc60b4f RegQueryValueExW 933->936 937 6cc60bc0 934->937 938 6cc60b61-6cc60b73 934->938 936->934 937->931 943 6cc60b75-6cc60b7d GetLastError 938->943 944 6cc60b8d 938->944 940->940 942 6cc60be3-6cc60bf2 GlobalMemoryStatusEx 940->942 945 6cc60bf4-6cc60c13 942->945 946 6cc60c4f-6cc60c74 call 6cc5833e GetLastError call 6cc61236 942->946 949 6cc60b7f-6cc60b84 943->949 950 6cc60b89-6cc60b8b 943->950 947 6cc60b8f-6cc60bbf call 6cc5833e call 6cc61236 call 6cc78f0e 944->947 954 6cc60c15-6cc60c1d GetLastError 945->954 955 6cc60c2b-6cc60c4d call 6cc5833e call 6cc61236 945->955 965 6cc60c77-6cc60c8b call 6cc78f0e call 6cc63439 call 6cc86f1f 946->965 947->937 949->950 950->947 958 6cc60c1f-6cc60c24 954->958 959 6cc60c29 954->959 955->965 958->959 959->955
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6CC609ED
                                                                                                                  • Part of subcall function 6CC25727: GetModuleHandleW.KERNEL32(kernel32.dll,?,6CC25782,00000000,6CC5831D), ref: 6CC25731
                                                                                                                  • Part of subcall function 6CC25727: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 6CC25741
                                                                                                                • GetLastError.KERNEL32 ref: 6CC60A27
                                                                                                                • GetLastError.KERNEL32 ref: 6CC60A82
                                                                                                                • RegOpenKeyExW.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020019,?,?,00000000,?,Failed to record NumberOfProcessor), ref: 6CC60ADE
                                                                                                                • RegQueryValueExW.KERNEL32(?,~MHz,00000000,00000000,?,?), ref: 6CC60B0D
                                                                                                                • RegQueryValueExW.ADVAPI32(?,~Mhz,00000000,00000000,?,?), ref: 6CC60B2D
                                                                                                                • RegQueryValueExW.ADVAPI32(?,~mhz,00000000,00000000,?,?), ref: 6CC60B4D
                                                                                                                • RegCloseKey.KERNEL32(?), ref: 6CC60B55
                                                                                                                • GetLastError.KERNEL32 ref: 6CC60B75
                                                                                                                • _memset.LIBCMT ref: 6CC60BCC
                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?,?,?,6CC1A738,?,?,00000738,6CC5FA6E,?,6CC1A794,025122C8), ref: 6CC60BEA
                                                                                                                • GetLastError.KERNEL32(?,?,00000738,6CC5FA6E,?,6CC1A794,025122C8), ref: 6CC60C15
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • GetLastError.KERNEL32(?,GlobalMemoryStatusEx failed,?,?,00000738,6CC5FA6E,?,6CC1A794,025122C8), ref: 6CC60C60
                                                                                                                  • Part of subcall function 6CC61236: __EH_prolog3.LIBCMT ref: 6CC6123D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$QueryValue$H_prolog3$AddressCloseGlobalH_prolog3_HandleMemoryModuleOpenProcStatus_memset
                                                                                                                • String ID: Failed to record CpuArchitecture$Failed to record NumberOfProcessor$Failed to record SystemMemory$GlobalMemoryStatusEx failed$HARDWARE\DESCRIPTION\System\CentralProcessor\0$~MHz$~Mhz$~mhz
                                                                                                                • API String ID: 2659457873-2309824155
                                                                                                                • Opcode ID: 32122f92f737175fec5a62ed05473335dc90e8cc27d35e73ccc8cc39e6388cea
                                                                                                                • Instruction ID: 5b4b69e1a95b22d2bfdea081cd5b223f47983c291d394841b61def43a48841fa
                                                                                                                • Opcode Fuzzy Hash: 32122f92f737175fec5a62ed05473335dc90e8cc27d35e73ccc8cc39e6388cea
                                                                                                                • Instruction Fuzzy Hash: 57819071A00248ABDB20CFE6CD85FDEBBB9AF45318F104669E515FBA90E730DA05DB50
                                                                                                                Function 6CC6D01E Relevance: 35.1, APIs: 3, Strings: 17, Instructions: 92COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC6D025
                                                                                                                  • Part of subcall function 6CC25D3F: __EH_prolog3.LIBCMT ref: 6CC25D46
                                                                                                                  • Part of subcall function 6CC25D3F: GetModuleFileNameW.KERNEL32(6CC00000,00000010,00000104,?,6CC5831D,00000000), ref: 6CC25D93
                                                                                                                  • Part of subcall function 6CC58E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6CC699FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6CC58E6E
                                                                                                                • PathFileExistsW.SHLWAPI(?,6CC161FC,graphics,?,00000054,6CC6B48A,?,?,?,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml), ref: 6CC6D0BE
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC6D16E
                                                                                                                  • Part of subcall function 6CC58F73: PathRemoveFileSpecW.SHLWAPI(00000000,2806C750,00000010,80004005,6CC25DB8,6CC5F845,00000010,?,6CC5831D,00000000), ref: 6CC58F84
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FilePath$H_prolog3$AppendException@8ExistsModuleNameRemoveSpecThrow
                                                                                                                • String ID: Graphic file %s does not exists$Print.ico$Rotate1.ico$Rotate2.ico$Rotate3.ico$Rotate4.ico$Rotate5.ico$Rotate6.ico$Rotate7.ico$Rotate8.ico$Save.ico$Setup.ico$SysReqMet.ico$SysReqNotMet.ico$graphics$stop.ico$warn.ico
                                                                                                                • API String ID: 419085990-1965610755
                                                                                                                • Opcode ID: 5ba6fdf3bdc2a42de187dade87a8f498e0de5ba72294ddda8e9307491a8b224b
                                                                                                                • Instruction ID: 236f276bbab20c7b78099c581f893ff692ee277a7cd0fdd10c9c711dd0297336
                                                                                                                • Opcode Fuzzy Hash: 5ba6fdf3bdc2a42de187dade87a8f498e0de5ba72294ddda8e9307491a8b224b
                                                                                                                • Instruction Fuzzy Hash: AB4135B2D046599BCB10CFE5C946BDEBBB4FF04344FA04559E410BBE60E7349A0ADBA1
                                                                                                                Function 6CC3A82C Relevance: 33.9, APIs: 2, Strings: 17, Instructions: 638COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1009 6cc3a82c-6cc3a854 call 6cc86e1a 1012 6cc3a856-6cc3a858 1009->1012 1013 6cc3a85c-6cc3a87c call 6cc36249 1009->1013 1012->1013 1016 6cc3a884-6cc3a8a8 call 6cc36440 1013->1016 1017 6cc3a87e-6cc3a880 1013->1017 1020 6cc3a8b0-6cc3a8e4 call 6cc369b7 call 6cc5833e 1016->1020 1021 6cc3a8aa-6cc3a8ac 1016->1021 1017->1016 1026 6cc3a8e6-6cc3a8e8 1020->1026 1027 6cc3a8ec-6cc3a8fe call 6cc28d44 call 6cc31c2e 1020->1027 1021->1020 1026->1027 1031 6cc3a903-6cc3a90c 1027->1031 1032 6cc3a914-6cc3a94a call 6cc78f0e call 6cc5833e 1031->1032 1033 6cc3a90e-6cc3a910 1031->1033 1038 6cc3a952-6cc3a972 call 6cc28d44 call 6cc31d3d 1032->1038 1039 6cc3a94c-6cc3a94e 1032->1039 1033->1032 1044 6cc3a974-6cc3a976 1038->1044 1045 6cc3a97a-6cc3a9b0 call 6cc78f0e call 6cc5833e 1038->1045 1039->1038 1044->1045 1050 6cc3a9b2-6cc3a9b4 1045->1050 1051 6cc3a9b8-6cc3a9de call 6cc28d44 call 6cc3784c 1045->1051 1050->1051 1056 6cc3a9e0-6cc3a9e2 1051->1056 1057 6cc3a9e6-6cc3aa1b call 6cc78f0e call 6cc5833e 1051->1057 1056->1057 1062 6cc3aa23-6cc3aa48 call 6cc29411 call 6cc33ba9 1057->1062 1063 6cc3aa1d-6cc3aa1f 1057->1063 1068 6cc3aa50-6cc3aa72 call 6cc78f0e 1062->1068 1069 6cc3aa4a-6cc3aa4c 1062->1069 1063->1062 1072 6cc3aa74-6cc3aa76 1068->1072 1073 6cc3aa7a-6cc3aa99 call 6cc36d1f 1068->1073 1069->1068 1072->1073 1076 6cc3aaa1-6cc3aac3 call 6cc36e28 1073->1076 1077 6cc3aa9b-6cc3aa9d 1073->1077 1080 6cc3aac5-6cc3aac7 1076->1080 1081 6cc3aacb-6cc3ab73 call 6cc370c5 call 6cc397ce call 6cc5833e 1076->1081 1077->1076 1080->1081 1088 6cc3ab75-6cc3ab77 1081->1088 1089 6cc3ab7b-6cc3abc1 call 6cc295c1 call 6cc78f0e call 6cc5833e 1081->1089 1088->1089 1096 6cc3abc3-6cc3abc5 1089->1096 1097 6cc3abc9-6cc3ac09 call 6cc29703 call 6cc78f0e call 6cc5833e 1089->1097 1096->1097 1104 6cc3ac11-6cc3ac54 call 6cc29703 call 6cc78f0e call 6cc5833e 1097->1104 1105 6cc3ac0b-6cc3ac0d 1097->1105 1112 6cc3ac56-6cc3ac58 1104->1112 1113 6cc3ac5c-6cc3ac86 call 6cc29703 call 6cc78f0e 1104->1113 1105->1104 1112->1113 1118 6cc3ac88-6cc3ac8a 1113->1118 1119 6cc3ac8e-6cc3aca9 call 6cc289b7 1113->1119 1118->1119 1122 6cc3acb1-6cc3acbc call 6cc2922c 1119->1122 1123 6cc3acab-6cc3acad 1119->1123 1126 6cc3ad22-6cc3ad46 call 6cc5833e 1122->1126 1127 6cc3acbe-6cc3ad0f call 6cc5833e * 2 call 6cc2838a call 6cc78f0e * 2 call 6cc2a378 1122->1127 1123->1122 1132 6cc3ad48-6cc3ad4a 1126->1132 1133 6cc3ad4e-6cc3ad93 call 6cc29703 call 6cc5833e call 6cc2a2b5 call 6cc78f0e * 2 1126->1133 1152 6cc3ad14-6cc3ad1d call 6cc814aa 1127->1152 1132->1133 1155 6cc3ae06-6cc3ae33 call 6cc5833e 1133->1155 1156 6cc3ad95-6cc3ada9 call 6cc42d50 1133->1156 1152->1126 1163 6cc3ae35-6cc3ae37 1155->1163 1164 6cc3ae3b-6cc3ae42 call 6cc290aa 1155->1164 1161 6cc3adab-6cc3adb3 1156->1161 1162 6cc3adbd 1156->1162 1167 6cc3adb5-6cc3adb7 1161->1167 1168 6cc3adb9-6cc3adbb 1161->1168 1165 6cc3adbf-6cc3adcc call 6cc78f0e 1162->1165 1163->1164 1172 6cc3ae44-6cc3ae74 call 6cc5833e 1164->1172 1173 6cc3ae89 1164->1173 1165->1155 1174 6cc3adce-6cc3ae01 call 6cc5833e * 2 call 6cc2838a 1165->1174 1167->1162 1167->1168 1168->1165 1184 6cc3ae76-6cc3ae78 1172->1184 1185 6cc3ae7c-6cc3ae83 call 6cc290aa 1172->1185 1176 6cc3ae8b-6cc3ae8f 1173->1176 1174->1152 1179 6cc3ae91-6cc3ae9b call 6cc78f0e 1176->1179 1180 6cc3aea0-6cc3aeab 1176->1180 1179->1180 1181 6cc3aeb8-6cc3aeba 1180->1181 1182 6cc3aead-6cc3aeb3 call 6cc78f0e 1180->1182 1188 6cc3af22-6cc3af2b 1181->1188 1189 6cc3aebc-6cc3aefa call 6cc5833e * 2 call 6cc2838a call 6cc78f0e 1181->1189 1182->1181 1184->1185 1185->1173 1200 6cc3ae85-6cc3ae87 1185->1200 1192 6cc3af71-6cc3af7a 1188->1192 1193 6cc3af2d-6cc3af6f call 6cc5833e * 2 call 6cc2838a call 6cc78f0e 1188->1193 1219 6cc3aefe-6cc3af1a call 6cc78f0e call 6cc2a378 1189->1219 1201 6cc3af82-6cc3af89 call 6cc86f06 1192->1201 1202 6cc3af7c-6cc3af7e 1192->1202 1193->1219 1200->1176 1202->1201 1219->1188
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC3A833
                                                                                                                  • Part of subcall function 6CC31D3D: __EH_prolog3.LIBCMT ref: 6CC31D44
                                                                                                                  • Part of subcall function 6CC31D3D: __CxxThrowException@8.LIBCMT ref: 6CC31E11
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC3AD1D
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2838A: __EH_prolog3.LIBCMT ref: 6CC28391
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw
                                                                                                                • String ID: <$ActionTable$ApplicableIf$Compressed$Compressed items need to have URL and CompressedDownloadSize authored.$CustomErrorHandling$IsPresent$MSIOptions$MSIRepairOptions$MSIUninstallOptions$ParameterInfo.xml$ProductCode$RepairOverride$UninstallOverride$schema validation failure: MSI, AgileMSI and AgileMSP do not support RepairOverride or UninstallOverride child elements!$schema validation failure: Product Code cannot be emoty.$schema validation failure: wrong number of MSI child nodes!
                                                                                                                • API String ID: 2489616738-1903366528
                                                                                                                • Opcode ID: 652ffd02b617e63135e4c88468b5862dee1dd8030828afa41b320cb141b1f9ed
                                                                                                                • Instruction ID: 52f9e9d520aaf2e198f550450ada0480b826d5cd897c11ec05516cba5610a0c4
                                                                                                                • Opcode Fuzzy Hash: 652ffd02b617e63135e4c88468b5862dee1dd8030828afa41b320cb141b1f9ed
                                                                                                                • Instruction Fuzzy Hash: 5B424D71A04249EFDF04CFA8D944ADE7BA8BF49308F144559F918EB780EB34DA19CB61
                                                                                                                Function 6CC42582 Relevance: 32.0, APIs: 2, Strings: 16, Instructions: 464COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1224 6cc42582-6cc425bb call 6cc86e1a call 6cc28996 call 6cc585bc 1231 6cc42635-6cc42645 call 6cc585bc 1224->1231 1232 6cc425bd-6cc425d1 call 6cc7c0aa 1224->1232 1237 6cc42647-6cc4265b call 6cc7c0aa 1231->1237 1238 6cc42688-6cc42698 call 6cc585bc 1231->1238 1239 6cc425d3-6cc425fd call 6cc5833e 1232->1239 1240 6cc4260f 1232->1240 1254 6cc42661-6cc42671 1237->1254 1255 6cc428bd 1237->1255 1251 6cc426da-6cc426ea call 6cc585bc 1238->1251 1252 6cc4269a-6cc426ae call 6cc7c0aa 1238->1252 1256 6cc42605-6cc42608 call 6cc3a82c 1239->1256 1257 6cc425ff-6cc42601 1239->1257 1241 6cc42611-6cc4261f 1240->1241 1245 6cc42625-6cc42630 call 6cc78f0e 1241->1245 1246 6cc428c6-6cc428f1 call 6cc5833e call 6cc868b5 1241->1246 1245->1246 1280 6cc428f3-6cc42936 call 6cc36cb7 call 6cc78eab call 6cc584b9 call 6cc78f0e * 2 1246->1280 1281 6cc42938-6cc4297b call 6cc58cd5 call 6cc58c7a call 6cc58c24 1246->1281 1272 6cc426ec-6cc42700 call 6cc7c0aa 1251->1272 1273 6cc4272b-6cc4273b call 6cc585bc 1251->1273 1252->1255 1274 6cc426b4-6cc426c5 1252->1274 1262 6cc42673-6cc42675 1254->1262 1263 6cc42679-6cc42683 call 6cc3f05d 1254->1263 1260 6cc428bf-6cc428c3 1255->1260 1270 6cc4260d 1256->1270 1257->1256 1260->1246 1262->1263 1263->1260 1270->1241 1272->1255 1287 6cc42706-6cc42716 1272->1287 1290 6cc4277d-6cc4278d call 6cc585bc 1273->1290 1291 6cc4273d-6cc42751 call 6cc7c0aa 1273->1291 1277 6cc426c7-6cc426c9 1274->1277 1278 6cc426cd-6cc426d5 call 6cc3b69b 1274->1278 1277->1278 1278->1260 1280->1281 1325 6cc42980-6cc429c0 call 6cc78f0e * 5 1281->1325 1293 6cc4271e-6cc42726 call 6cc3d8a6 1287->1293 1294 6cc42718-6cc4271a 1287->1294 1306 6cc427d0-6cc427e0 call 6cc585bc 1290->1306 1307 6cc4278f-6cc427a3 call 6cc7c0aa 1290->1307 1291->1255 1309 6cc42757-6cc42768 1291->1309 1293->1260 1294->1293 1322 6cc427e2-6cc427f6 call 6cc7c0aa 1306->1322 1323 6cc42823-6cc42833 call 6cc585bc 1306->1323 1307->1255 1324 6cc427a9-6cc427b9 1307->1324 1310 6cc42770-6cc42778 call 6cc3c922 1309->1310 1311 6cc4276a-6cc4276c 1309->1311 1310->1260 1311->1310 1322->1255 1341 6cc427fc-6cc4280c 1322->1341 1338 6cc42835-6cc42849 call 6cc7c0aa 1323->1338 1339 6cc4286e-6cc4287e call 6cc585bc 1323->1339 1329 6cc427c1-6cc427c6 call 6cc3e30e 1324->1329 1330 6cc427bb-6cc427bd 1324->1330 1374 6cc429c2-6cc429c4 1325->1374 1375 6cc429c8-6cc429d0 call 6cc86f06 1325->1375 1337 6cc427cb 1329->1337 1330->1329 1337->1260 1338->1255 1351 6cc4284b-6cc4285c 1338->1351 1354 6cc42884-6cc42898 call 6cc7c0aa 1339->1354 1355 6cc429d3-6cc42ad5 call 6cc58cd5 call 6cc58c7a call 6cc78f0e * 2 call 6cc5833e call 6cc58cd5 call 6cc2838a call 6cc78f0e * 2 call 6cc28415 call 6cc78f0e call 6cc2a378 call 6cc814aa call 6cc3632c 1339->1355 1344 6cc42814-6cc4281e call 6cc3facf 1341->1344 1345 6cc4280e-6cc42810 1341->1345 1344->1260 1345->1344 1357 6cc42864-6cc4286c call 6cc402c6 1351->1357 1358 6cc4285e-6cc42860 1351->1358 1354->1255 1368 6cc4289a-6cc428ab 1354->1368 1405 6cc42ad7-6cc42add call 6cc7b081 1355->1405 1406 6cc42ade-6cc42ae2 1355->1406 1357->1260 1358->1357 1369 6cc428b3-6cc428bb call 6cc41287 1368->1369 1370 6cc428ad-6cc428af 1368->1370 1369->1260 1370->1369 1374->1375 1405->1406
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC42589
                                                                                                                  • Part of subcall function 6CC7C0AA: _malloc.LIBCMT ref: 6CC7C0C4
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC42AB0
                                                                                                                  • Part of subcall function 6CC7C0AA: std::exception::exception.LIBCMT ref: 6CC7C0F9
                                                                                                                  • Part of subcall function 6CC7C0AA: std::exception::exception.LIBCMT ref: 6CC7C113
                                                                                                                  • Part of subcall function 6CC7C0AA: __CxxThrowException@8.LIBCMT ref: 6CC7C124
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8H_prolog3Throwstd::exception::exception$_malloc
                                                                                                                • String ID: ", local path $". Valid types are MSI, MSP, Exe, Patches, ServiceControl and File. Theses are case sensitive.$(not applicable)$Adding Item type "$AgileMSI$CleanupBlock$Exe$File$MSI$MSP$ParameterInfo.xml$Patches$RelatedProducts$ServiceControl$Unknown Item type "$schema validation failure: unknown Item type -
                                                                                                                • API String ID: 3439882596-1328758535
                                                                                                                • Opcode ID: aef3e0db6c85ec9aae9b4d01aa553e72eb5dbf43855a6909dfe9caa4e4a5cdc5
                                                                                                                • Instruction ID: 067d8936c2ee510eacae22c865645e703d45911d82528c9884dc8b92f8f8d3b9
                                                                                                                • Opcode Fuzzy Hash: aef3e0db6c85ec9aae9b4d01aa553e72eb5dbf43855a6909dfe9caa4e4a5cdc5
                                                                                                                • Instruction Fuzzy Hash: BD028F71A05218AFDB00DBA8C955EED7BB4BF49318F108159F415E7B81EB34DA04CBB5
                                                                                                                Function 640E6199 Relevance: 31.8, APIs: 11, Strings: 7, Instructions: 265COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E61A0
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E1E75: __EH_prolog3.LIBCMT ref: 640E1E7C
                                                                                                                  • Part of subcall function 640E1E75: GetThreadLocale.KERNEL32(?,00000004,640E6734,0000004C,0000004C,640E7142,?,00000000), ref: 640E1E8E
                                                                                                                • PathIsRelativeW.SHLWAPI(?,?,?,0000003C,640F7332,?,?,?,?,?,?,?,00000000,?,?,?), ref: 640E61E9
                                                                                                                • PathFileExistsW.SHLWAPI(?), ref: 640E61F6
                                                                                                                • PathFileExistsW.KERNELBASE(?,?), ref: 640E622B
                                                                                                                • PathFileExistsW.KERNELBASE(?), ref: 640E6230
                                                                                                                • CoInitialize.OLE32(00000000), ref: 640E6299
                                                                                                                • CoUninitialize.OLE32(?,?), ref: 640E6340
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640E63B7
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E63C9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Path$ExistsFile$Exception@8InitializeLocaleRelativeThreadThrowUninitialize
                                                                                                                • String ID: ' was not found in UiInfo.xml$String for StringID '$Strings$Strings.xml$Successfuly found file %s $UIInfo.xml$^t
                                                                                                                • API String ID: 1923347782-4190679452
                                                                                                                • Opcode ID: 039092809fb02dd8821eba6868a7ad7969d05ac07a959fb7b16c7030100e38ca
                                                                                                                • Instruction ID: 9266c348fcbd44f46f9ae69353c57c5e9d6907b9b99dcff2966367e1fe2291e7
                                                                                                                • Opcode Fuzzy Hash: 039092809fb02dd8821eba6868a7ad7969d05ac07a959fb7b16c7030100e38ca
                                                                                                                • Instruction Fuzzy Hash: 63A15F71900259EFEF00DFA8C984BEEBBB8AF0531CF148155E514EB291DB34DA1ACB61
                                                                                                                Function 6CC3148D Relevance: 30.3, APIs: 3, Strings: 14, Instructions: 510COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1509 6cc3148d-6cc31502 call 6cc2ac58 call 6cc585bc 1515 6cc31508-6cc3151d call 6cc7c0aa 1509->1515 1516 6cc3158e-6cc315a1 call 6cc585bc 1509->1516 1521 6cc31554 1515->1521 1522 6cc3151f-6cc31552 call 6cc5833e call 6cc30e96 call 6cc78f0e 1515->1522 1523 6cc315a3-6cc315b8 call 6cc7c0aa 1516->1523 1524 6cc3160b-6cc3161c call 6cc585bc 1516->1524 1528 6cc31556-6cc31561 1521->1528 1522->1528 1537 6cc315ba-6cc315ed call 6cc5833e call 6cc30e96 call 6cc78f0e 1523->1537 1538 6cc315ef 1523->1538 1535 6cc31661-6cc31674 call 6cc585bc 1524->1535 1536 6cc3161e-6cc31631 call 6cc7c0aa 1524->1536 1532 6cc31563-6cc31565 1528->1532 1533 6cc31569 1528->1533 1532->1533 1539 6cc3156b-6cc3158b call 6cc78f0e 1533->1539 1553 6cc31676-6cc3168b call 6cc7c0aa 1535->1553 1554 6cc316c9-6cc316dc call 6cc585bc 1535->1554 1556 6cc31643 1536->1556 1557 6cc31633-6cc31641 call 6cc311f6 1536->1557 1544 6cc315f1-6cc315fc 1537->1544 1538->1544 1550 6cc31604-6cc31606 1544->1550 1551 6cc315fe-6cc31600 1544->1551 1550->1539 1551->1550 1553->1538 1569 6cc31691-6cc316c4 call 6cc5833e call 6cc300a7 call 6cc78f0e 1553->1569 1571 6cc31731-6cc31744 call 6cc585bc 1554->1571 1572 6cc316de-6cc316f3 call 6cc7c0aa 1554->1572 1562 6cc31645-6cc31650 1556->1562 1557->1562 1562->1539 1567 6cc31656-6cc3165c 1562->1567 1567->1539 1569->1544 1582 6cc31746-6cc3175b call 6cc7c0aa 1571->1582 1583 6cc31799-6cc317ac call 6cc585bc 1571->1583 1572->1538 1580 6cc316f9-6cc3172c call 6cc5833e call 6cc300a7 call 6cc78f0e 1572->1580 1580->1544 1582->1538 1596 6cc31761-6cc31794 call 6cc5833e call 6cc300a7 call 6cc78f0e 1582->1596 1593 6cc31801-6cc31814 call 6cc585bc 1583->1593 1594 6cc317ae-6cc317c3 call 6cc7c0aa 1583->1594 1606 6cc31816-6cc3182b call 6cc7c0aa 1593->1606 1607 6cc31869-6cc3187a call 6cc585bc 1593->1607 1594->1538 1609 6cc317c9-6cc317fc call 6cc5833e call 6cc300a7 call 6cc78f0e 1594->1609 1596->1544 1606->1538 1621 6cc31831-6cc31864 call 6cc5833e call 6cc300a7 call 6cc78f0e 1606->1621 1618 6cc318a6-6cc318b7 call 6cc585bc 1607->1618 1619 6cc3187c-6cc3188f call 6cc7c0aa 1607->1619 1609->1544 1634 6cc318d7-6cc318e8 call 6cc585bc 1618->1634 1635 6cc318b9-6cc318c3 call 6cc7c0aa 1618->1635 1619->1556 1632 6cc31895-6cc318a1 call 6cc30baa 1619->1632 1621->1544 1632->1618 1645 6cc31902-6cc319d7 call 6cc5833e call 6cc58cd5 call 6cc2838a call 6cc78f0e * 2 call 6cc28415 call 6cc78f0e call 6cc2a378 call 6cc814aa call 6cc86e1a call 6cc28b9f call 6cc3148d 1634->1645 1646 6cc318ea-6cc318f4 call 6cc7c0aa 1634->1646 1635->1556 1644 6cc318c9 1635->1644 1648 6cc318cf 1644->1648 1677 6cc319dc-6cc319e8 1645->1677 1646->1556 1653 6cc318fa-6cc31900 1646->1653 1648->1634 1653->1648 1678 6cc319f0-6cc31a19 call 6cc78eab 1677->1678 1679 6cc319ea-6cc319ec 1677->1679 1682 6cc31a21-6cc31a29 call 6cc2922c 1678->1682 1683 6cc31a1b-6cc31a1d 1678->1683 1679->1678 1686 6cc31ae3-6cc31aea call 6cc86f06 1682->1686 1687 6cc31a2f-6cc31ade call 6cc5833e call 6cc58cd5 call 6cc58c7a call 6cc2838a call 6cc78f0e * 3 call 6cc28415 call 6cc78f0e call 6cc2a378 call 6cc814aa 1682->1687 1683->1682 1687->1686
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8FreeStringThrow_malloc
                                                                                                                • String ID: can only have one logical or arithmietic expression for a child node$AlwaysTrue$And$Equals$Exists$GreaterThan$GreaterThanOrEqualTo$LessThan$LessThanOrEqualTo$NeverTrue$Not$ParameterInfo.xml$schema validation failure: $schema validation failure: unknown Expression:
                                                                                                                • API String ID: 1924927865-100526994
                                                                                                                • Opcode ID: 1cc07570e622c9a6fb7aa2f451e53b2a2e5a224b195b08eaa91314b95734d7ff
                                                                                                                • Instruction ID: 9834f4c8f40713d31f1d262bc00d0c5c9fe59a3f46185017d03c6d0c25ffc240
                                                                                                                • Opcode Fuzzy Hash: 1cc07570e622c9a6fb7aa2f451e53b2a2e5a224b195b08eaa91314b95734d7ff
                                                                                                                • Instruction Fuzzy Hash: 64028F722083459FD700CBACD844F9EBBE8AF85358F140A1AF599D7B91FB71D9088762
                                                                                                                Function 640EBCBB Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 111windowCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640EBCC2
                                                                                                                  • Part of subcall function 640F1DCD: __EH_prolog3.LIBCMT ref: 640F1DD4
                                                                                                                  • Part of subcall function 640F1DCD: GetCommandLineW.KERNEL32(00000018,640EB178,00000000,?,?,640EAC46,?), ref: 640F1DD9
                                                                                                                • SendMessageW.USER32(?,0000046B,00000000,00000000), ref: 640EBCDC
                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 640EBCED
                                                                                                                • EnableMenuItem.USER32(00000000), ref: 640EBCF4
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 640EBD04
                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 640EBD15
                                                                                                                • GetSystemMenu.USER32(?,00000000), ref: 640EBD21
                                                                                                                • InsertMenuW.USER32(?,00000000,00000400,0000F120,00000000), ref: 640EBD5F
                                                                                                                • InsertMenuW.USER32(?,00000002,00000400,0000F020,00000000), ref: 640EBDA5
                                                                                                                • InsertMenuW.USER32(?,00000003,00000400,0000F00F,00000000), ref: 640EBDC3
                                                                                                                • SetMenuItemBitmaps.USER32(?,0000F120,00000000,00000002,00000002), ref: 640EBDD9
                                                                                                                • SetMenuItemBitmaps.USER32(?,0000F020,00000000,00000003,00000003), ref: 640EBDE5
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?), ref: 640EBDEA
                                                                                                                • SetWindowLongW.USER32(?,000000FC,640EBF84), ref: 640EBE0C
                                                                                                                • SetWindowLongW.USER32(?,000000EB,00000000), ref: 640EBE1A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$LongWindow$InsertItem$BitmapsH_prolog3System$CallbackCommandDispatcherEnableLineMessageSendUser
                                                                                                                • String ID: IDS_MINIMIZE$IDS_RESTORE
                                                                                                                • API String ID: 435486374-4171729070
                                                                                                                • Opcode ID: cb9ce57791800e7c2461b3b98d6bd07b6a4c56b3091af130e32dcc24998e12bb
                                                                                                                • Instruction ID: 29e50de686f1cd9e427f5b7c3f0b20bc7bfe4ba927e2ed16b05c6612b7d9533f
                                                                                                                • Opcode Fuzzy Hash: cb9ce57791800e7c2461b3b98d6bd07b6a4c56b3091af130e32dcc24998e12bb
                                                                                                                • Instruction Fuzzy Hash: BD418D3024031AAFEB209FA5CC45FAE7BB5FF89714F108524F665AA1E0CB71A810DB14
                                                                                                                Function 6CC69D05 Relevance: 28.3, APIs: 2, Strings: 14, Instructions: 311COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC239AD: __EH_prolog3.LIBCMT ref: 6CC239B4
                                                                                                                • GetCommandLineW.KERNEL32(9B5DCFA9,?,00000000,ParameterInfo.xml,?,?,?,00000000,?,?,?,?,ParameterInfo.xml,?,00000000,?), ref: 6CC69D54
                                                                                                                  • Part of subcall function 6CC23E77: __EH_prolog3.LIBCMT ref: 6CC23E7E
                                                                                                                  • Part of subcall function 6CC23A16: __EH_prolog3.LIBCMT ref: 6CC23A1D
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC69EBD
                                                                                                                Strings
                                                                                                                • NoSetupVersionCheck, xrefs: 6CC69D6C
                                                                                                                • SetupVersion specified in ParameterInfo.xml has a minor version greater than the currently supported version., xrefs: 6CC69F58
                                                                                                                • 1.0, xrefs: 6CC69D3D, 6CC69D42, 6CC69ED4, 6CC69EFB
                                                                                                                • SetupVersion specified in ParameterInfo.xml is , xrefs: 6CC6A029
                                                                                                                • higher, xrefs: 6CC6A001, 6CC6A017
                                                                                                                • SetupVersion, xrefs: 6CC69DC0
                                                                                                                • than the currently supported version., xrefs: 6CC6A006
                                                                                                                • Current SetupVersion = %s, xrefs: 6CC69D43
                                                                                                                • SetupVersion specified in ParameterInfo.xml has a minor version lower than the currently supported version., xrefs: 6CC69F44
                                                                                                                • ParameterInfo.xml, xrefs: 6CC69E2E, 6CC69F67, 6CC6A096
                                                                                                                • lower, xrefs: 6CC69FFA
                                                                                                                • Command line switch 'NoSetupVersionCheck' found - so not performing SetupVersion check., xrefs: 6CC69D95
                                                                                                                • SetupVersion specified in ParameterInfo.xml is '%s', xrefs: 6CC69EC3
                                                                                                                • SetupVersion not specified, xrefs: 6CC69E1F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CommandException@8LineThrow
                                                                                                                • String ID: than the currently supported version.$1.0$Command line switch 'NoSetupVersionCheck' found - so not performing SetupVersion check.$Current SetupVersion = %s$NoSetupVersionCheck$ParameterInfo.xml$SetupVersion$SetupVersion not specified$SetupVersion specified in ParameterInfo.xml has a minor version greater than the currently supported version.$SetupVersion specified in ParameterInfo.xml has a minor version lower than the currently supported version.$SetupVersion specified in ParameterInfo.xml is $SetupVersion specified in ParameterInfo.xml is '%s'$higher$lower
                                                                                                                • API String ID: 1129948358-1674238012
                                                                                                                • Opcode ID: e5f89f3f6b2a16d648f79f907ae49544146a8ac1134a3f620112bb6db5141c3b
                                                                                                                • Instruction ID: 56bc5fc045c936681ed0cecb995b09cdb470f2d49f999c72b3387367c1c22cf5
                                                                                                                • Opcode Fuzzy Hash: e5f89f3f6b2a16d648f79f907ae49544146a8ac1134a3f620112bb6db5141c3b
                                                                                                                • Instruction Fuzzy Hash: 02C14B721087409FD310DB68C884F9FBBE8AF95318F144A5DF2A197B91EB34D9498B62
                                                                                                                Function 6CC3293D Relevance: 26.7, APIs: 2, Strings: 13, Instructions: 416COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1950 6cc3293d-6cc32982 call 6cc86e1a call 6cc5833e * 2 1957 6cc32984-6cc32986 1950->1957 1958 6cc3298a-6cc329ae call 6cc29411 call 6cc32677 1950->1958 1957->1958 1963 6cc329b0-6cc329b2 1958->1963 1964 6cc329b6-6cc329fc call 6cc78f0e call 6cc5833e * 2 1958->1964 1963->1964 1971 6cc32a04-6cc32a2c call 6cc29411 call 6cc32677 1964->1971 1972 6cc329fe-6cc32a00 1964->1972 1977 6cc32a34-6cc32a7a call 6cc78f0e call 6cc5833e * 2 1971->1977 1978 6cc32a2e-6cc32a30 1971->1978 1972->1971 1985 6cc32a82-6cc32aaa call 6cc29411 call 6cc32677 1977->1985 1986 6cc32a7c-6cc32a7e 1977->1986 1978->1977 1991 6cc32ab2-6cc32ac4 call 6cc78f0e 1985->1991 1992 6cc32aac-6cc32aae 1985->1992 1986->1985 1995 6cc32e05-6cc32e0d call 6cc86f06 1991->1995 1996 6cc32aca-6cc32ae8 call 6cc5833e 1991->1996 1992->1991 2001 6cc32af0-6cc32b23 call 6cc289b7 call 6cc78f0e call 6cc5833e 1996->2001 2002 6cc32aea-6cc32aec 1996->2002 2009 6cc32b25-6cc32b27 2001->2009 2010 6cc32b2b-6cc32b4f call 6cc292d1 call 6cc5833e 2001->2010 2002->2001 2009->2010 2015 6cc32b51-6cc32b53 2010->2015 2016 6cc32b57-6cc32b7b call 6cc292d1 call 6cc5833e 2010->2016 2015->2016 2021 6cc32b83-6cc32b8c call 6cc292d1 2016->2021 2022 6cc32b7d-6cc32b7f 2016->2022 2025 6cc32c05 2021->2025 2026 6cc32b8e-6cc32b90 2021->2026 2022->2021 2029 6cc32c0b-6cc32c0e 2025->2029 2030 6cc32cbf 2025->2030 2027 6cc32cc1 2026->2027 2028 6cc32b96-6cc32b98 2026->2028 2031 6cc32d62 2027->2031 2032 6cc32cc7-6cc32cca 2027->2032 2033 6cc32d64 2028->2033 2034 6cc32b9e-6cc32bfc call 6cc5833e * 2 call 6cc2838a call 6cc78f0e * 2 call 6cc2a378 2028->2034 2035 6cc32c73-6cc32c79 2029->2035 2036 6cc32c10-6cc32c4e call 6cc5833e * 2 call 6cc2838a call 6cc78f0e 2029->2036 2030->2027 2031->2033 2039 6cc32d13-6cc32d19 2032->2039 2040 6cc32ccc-6cc32d0e call 6cc5833e * 2 call 6cc2838a call 6cc78f0e 2032->2040 2033->1995 2037 6cc32d6a-6cc32d6d 2033->2037 2109 6cc32bff-6cc32c00 call 6cc814aa 2034->2109 2035->2030 2041 6cc32c7b-6cc32cbd call 6cc5833e * 2 call 6cc2838a call 6cc78f0e 2035->2041 2097 6cc32c52-6cc32c71 call 6cc78f0e call 6cc2a378 2036->2097 2044 6cc32db6-6cc32dbc 2037->2044 2045 6cc32d6f-6cc32dad call 6cc5833e * 2 call 6cc2838a call 6cc78f0e 2037->2045 2039->2031 2047 6cc32d1b-6cc32d59 call 6cc5833e * 2 call 6cc2838a call 6cc78f0e 2039->2047 2040->2097 2041->2097 2044->1995 2055 6cc32dbe-6cc32dfc call 6cc5833e * 2 call 6cc2838a call 6cc78f0e 2044->2055 2045->2044 2047->2031 2055->1995 2097->2109 2109->2025
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC32944
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC32677: __EH_prolog3.LIBCMT ref: 6CC3267E
                                                                                                                  • Part of subcall function 6CC2838A: __EH_prolog3.LIBCMT ref: 6CC28391
                                                                                                                  • Part of subcall function 6CC2A378: __EH_prolog3.LIBCMT ref: 6CC2A37F
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC32C00
                                                                                                                  • Part of subcall function 6CC814AA: KiUserExceptionDispatcher.NTDLL(?,?,6CC7C129,00000C00,?,?,?,?,6CC7C129,00000C00,6CC9BA3C,6CCB76D4,00000C00,00000020,6CC5F845,?), ref: 6CC814EC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$DispatcherExceptionException@8ThrowUser
                                                                                                                • String ID: 8$Blockers$ParameterInfo.xml$StopBlockers$SuccessBlockers$WarnBlockers$schema validation failure: More than 1 Stop Block defined.$schema validation failure: More than 1 Success Block defined.$schema validation failure: More than 1 Warning Block defined.$schema validation failure: Stop blockers has no child node$schema validation failure: Success blockers has no child node$schema validation failure: Warn blockers has no child node$schema validation failure: no valid child element found for 'Blockers' node.
                                                                                                                • API String ID: 3417717588-4180151753
                                                                                                                • Opcode ID: 8b77fa378fdac4f64c256a222e18988ecaf87644990b8c7dec9292420317f44a
                                                                                                                • Instruction ID: de205699784f991d810612399d14d02827e9e3397ee3f1e69fb47f944f8b1010
                                                                                                                • Opcode Fuzzy Hash: 8b77fa378fdac4f64c256a222e18988ecaf87644990b8c7dec9292420317f44a
                                                                                                                • Instruction Fuzzy Hash: EFF17071900249EBCF04DBE8D858EDE7BB8AF09318F548159F158E7B81EB35DA09CB61
                                                                                                                Function 6E332C9B Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 295memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 2112 6e332c9b-6e332ccc 2113 6e332cda-6e332cdd 2112->2113 2114 6e332cce-6e332cd4 2112->2114 2116 6e332ce3-6e332ce5 2113->2116 2117 6e341491-6e34149b 2113->2117 2114->2113 2115 6e341464-6e34146e 2114->2115 2122 6e341487-6e34148c 2115->2122 2123 6e341470-6e341473 2115->2123 2120 6e332ceb-6e332ced 2116->2120 2121 6e333b28-6e333b5d memset call 6e3318e5 2116->2121 2118 6e332dd1 2117->2118 2119 6e3414a1-6e3414a5 2117->2119 2124 6e332dd3-6e332de1 call 6e33171f 2118->2124 2119->2118 2125 6e3414ab-6e3414bd call 6e345f11 2119->2125 2126 6e332cf3-6e332d0f VirtualAlloc 2120->2126 2127 6e34160c-6e341616 2120->2127 2141 6e333b63-6e333b7d OpenFileMappingW 2121->2141 2142 6e3414c2-6e3414ce 2121->2142 2122->2124 2123->2122 2129 6e341475-6e341482 call 6e345f11 2123->2129 2125->2118 2132 6e3415a7-6e3415b1 2126->2132 2133 6e332d15 2126->2133 2135 6e341630 2127->2135 2136 6e341618-6e34161c 2127->2136 2129->2122 2145 6e341550-6e34155a GetLastError 2132->2145 2146 6e3415b3-6e3415b7 2132->2146 2140 6e332d1f-6e332d2f 2133->2140 2144 6e341635-6e34163a 2135->2144 2136->2135 2143 6e34161e-6e341623 2136->2143 2140->2118 2147 6e332d35-6e332d57 call 6e332a40 VirtualAlloc 2140->2147 2148 6e333b83-6e333b85 2141->2148 2149 6e3414f3-6e3414f5 2141->2149 2150 6e3414d0-6e3414d4 2142->2150 2151 6e3414e9-6e3414ee 2142->2151 2154 6e341625-6e34162b call 6e345f11 2143->2154 2155 6e34163c-6e341642 2144->2155 2156 6e34165f-6e341665 2144->2156 2152 6e341560-6e341564 GetLastError 2145->2152 2153 6e3415fa-6e34160a GetLastError 2145->2153 2146->2145 2157 6e3415b9-6e3415c4 2146->2157 2182 6e3415d6-6e3415e0 2147->2182 2183 6e332d5d-6e332dce call 6e332de9 * 2 2147->2183 2162 6e341584-6e34158e 2148->2162 2163 6e333b8b-6e333bae CreateFileMappingW 2148->2163 2165 6e333bbe-6e333bd5 MapViewOfFile 2149->2165 2166 6e3414fb-6e341505 2149->2166 2150->2151 2164 6e3414d6-6e3414e4 call 6e3499f8 2150->2164 2151->2144 2152->2144 2153->2144 2154->2135 2168 6e341644-6e34164a UnmapViewOfFile 2155->2168 2169 6e341650-6e34165d CloseHandle 2155->2169 2159 6e341667-6e34167b VirtualFree 2156->2159 2160 6e3416a1-6e3416a7 2156->2160 2158 6e3415c6-6e3415d1 call 6e3499f8 2157->2158 2158->2145 2159->2160 2171 6e34167d-6e341687 2159->2171 2160->2124 2162->2135 2177 6e341594-6e341598 2162->2177 2173 6e333bb4 2163->2173 2174 6e34152c-6e341536 2163->2174 2164->2151 2165->2140 2176 6e333bdb-6e341573 2165->2176 2166->2165 2178 6e34150b-6e34150f 2166->2178 2168->2169 2169->2160 2171->2160 2181 6e341689-6e34168d 2171->2181 2173->2165 2174->2145 2179 6e341538-6e34153c 2174->2179 2176->2145 2190 6e341575-6e341579 2176->2190 2177->2135 2185 6e34159e-6e3415a5 2177->2185 2178->2165 2186 6e341515-6e341527 call 6e345f11 2178->2186 2179->2145 2187 6e34153e-6e341543 2179->2187 2181->2160 2189 6e34168f-6e34169c call 6e345f11 2181->2189 2182->2145 2188 6e3415e6-6e3415ea 2182->2188 2183->2118 2185->2154 2186->2165 2193 6e341545-6e34154b call 6e345f11 2187->2193 2188->2145 2194 6e3415f0-6e3415f8 2188->2194 2189->2160 2190->2145 2196 6e34157b-6e341582 2190->2196 2193->2145 2194->2158 2196->2193
                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00002000,00000004,6E3327B0,00000000,6E350088), ref: 6E332D01
                                                                                                                • VirtualAlloc.KERNEL32(?,00000000,00001000,00000004,000003F8,00000000,?,?,?,?,6E3327B0,00000000,6E350088), ref: 6E332D4F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID: Local\SqmData_%s
                                                                                                                • API String ID: 4275171209-1264235261
                                                                                                                • Opcode ID: ff665940d714bd16348a15d23b2972fa5f9aed2d159ad94d332c07ddcfecd9d4
                                                                                                                • Instruction ID: 291b8c1eec2f936bc7e6d3d522332980164d8b09a220d952c9f1c9886b783f89
                                                                                                                • Opcode Fuzzy Hash: ff665940d714bd16348a15d23b2972fa5f9aed2d159ad94d332c07ddcfecd9d4
                                                                                                                • Instruction Fuzzy Hash: 59B1A130600745DFD7908FA5CD84F5577E9BF01348F2084A8E969DB2A2EB76D899CF50
                                                                                                                Function 640E671F Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 196windowCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E6726
                                                                                                                  • Part of subcall function 640E1E75: __EH_prolog3.LIBCMT ref: 640E1E7C
                                                                                                                  • Part of subcall function 640E1E75: GetThreadLocale.KERNEL32(?,00000004,640E6734,0000004C,0000004C,640E7142,?,00000000), ref: 640E1E8E
                                                                                                                • PathIsRelativeW.SHLWAPI(?,0000004C,0000004C,640E7142,?,00000000), ref: 640E6745
                                                                                                                • PathFileExistsW.SHLWAPI(?), ref: 640E6751
                                                                                                                • PathFileExistsW.KERNELBASE(?,?,?), ref: 640E6790
                                                                                                                • PathFileExistsW.KERNELBASE(?), ref: 640E6795
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640E68B8
                                                                                                                • SendMessageW.USER32(?,00000449), ref: 640E68F2
                                                                                                                • CloseHandle.KERNELBASE(64108364), ref: 640E6908
                                                                                                                • CloseHandle.KERNEL32(64108364,?,00000000), ref: 640E691E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Path$ExistsFile$CloseH_prolog3Handle$Exception@8LocaleMessageRelativeSendThreadThrow
                                                                                                                • String ID: ParameterInfo.xml$Successfuly found file %s $can't open EULA file: $^t
                                                                                                                • API String ID: 4048475142-317639759
                                                                                                                • Opcode ID: 5bae33410816091bd3edcb036f043f7247bd86f8c93f4fcc90c030abdda0c560
                                                                                                                • Instruction ID: fbd6dcc7aad71c60f699418a356c9cd4dabfd61948a148af68543007497cfd23
                                                                                                                • Opcode Fuzzy Hash: 5bae33410816091bd3edcb036f043f7247bd86f8c93f4fcc90c030abdda0c560
                                                                                                                • Instruction Fuzzy Hash: 0E714472900118EFEF01DFE8CD84BEDBBB9AF05318F548155E510BB291DB359A19CB61
                                                                                                                Function 640E5163 Relevance: 22.0, APIs: 1, Strings: 11, Instructions: 1046COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E516A
                                                                                                                  • Part of subcall function 640E396A: __EH_prolog3.LIBCMT ref: 640E3971
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640DD7DD: __EH_prolog3.LIBCMT ref: 640DD7E4
                                                                                                                  • Part of subcall function 640DD7DD: SysFreeString.OLEAUT32(00000000), ref: 640DD83A
                                                                                                                  • Part of subcall function 640E25B2: __EH_prolog3.LIBCMT ref: 640E25B9
                                                                                                                  • Part of subcall function 640E3AD4: __EH_prolog3.LIBCMT ref: 640E3ADB
                                                                                                                  • Part of subcall function 640E507E: __EH_prolog3.LIBCMT ref: 640E5085
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$FreeString
                                                                                                                • String ID: CreateLayout$Failure$Install$NothingApplies$Repair$Static$Success$SysLink$Uninstall$UninstallPatch$~
                                                                                                                • API String ID: 2872891630-930184743
                                                                                                                • Opcode ID: 07891b43a22a00cb6bc91b3d4aa48a73cf23fac9e76321f3b45bf6b91a10797c
                                                                                                                • Instruction ID: 0993b3549c7f0c2b35da59b83f9749c86e2f9866e258a24dbf4772c1b88a8072
                                                                                                                • Opcode Fuzzy Hash: 07891b43a22a00cb6bc91b3d4aa48a73cf23fac9e76321f3b45bf6b91a10797c
                                                                                                                • Instruction Fuzzy Hash: 2D927E7180025DEFEF01CBF8C944FEEBBB8AF19318F144159E455A7291DB34AA0ADB61
                                                                                                                Function 6CC2BB3C Relevance: 21.3, APIs: 2, Strings: 10, Instructions: 260COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC2BB43
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC2BDEB
                                                                                                                Strings
                                                                                                                • BlockingMutex, xrefs: 6CC2BC9D
                                                                                                                • schema validation failure: there must be a valid child element for Configuration., xrefs: 6CC2BD5C
                                                                                                                • FilesInUseSetting, xrefs: 6CC2BCEF
                                                                                                                • DisabledCommandLineSwitches, xrefs: 6CC2BB52
                                                                                                                • Using Simultaneous Download and Install mechanism, xrefs: 6CC2BE01
                                                                                                                • Using Serial Download and Install mechanism, xrefs: 6CC2BDFA
                                                                                                                • ParameterInfo.xml, xrefs: 6CC2BD6A
                                                                                                                • DownloadInstallSetting, xrefs: 6CC2BC4B
                                                                                                                • UserExperienceDataCollection, xrefs: 6CC2BBF8
                                                                                                                • AdditionalCommandLineSwitches, xrefs: 6CC2BBA6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw
                                                                                                                • String ID: AdditionalCommandLineSwitches$BlockingMutex$DisabledCommandLineSwitches$DownloadInstallSetting$FilesInUseSetting$ParameterInfo.xml$UserExperienceDataCollection$Using Serial Download and Install mechanism$Using Simultaneous Download and Install mechanism$schema validation failure: there must be a valid child element for Configuration.
                                                                                                                • API String ID: 2489616738-904804324
                                                                                                                • Opcode ID: 2c4f1d1aedeca7d543c6963208f2b967b86e6a4bf10b3560c57e84e309910e7e
                                                                                                                • Instruction ID: 5458af9e1e1cc7ec7550467fc30b289be503bc4803b6d561e3d0cf7e8f347dda
                                                                                                                • Opcode Fuzzy Hash: 2c4f1d1aedeca7d543c6963208f2b967b86e6a4bf10b3560c57e84e309910e7e
                                                                                                                • Instruction Fuzzy Hash: E2A13D71900249AFDB00DFA8C945EEEBBB8BF09318F144555F925E7B80E735EA18CB61
                                                                                                                Function 640E70F9 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 215COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,00000065), ref: 640E7136
                                                                                                                  • Part of subcall function 640E671F: __EH_prolog3.LIBCMT ref: 640E6726
                                                                                                                  • Part of subcall function 640E671F: PathIsRelativeW.SHLWAPI(?,0000004C,0000004C,640E7142,?,00000000), ref: 640E6745
                                                                                                                  • Part of subcall function 640E671F: PathFileExistsW.SHLWAPI(?), ref: 640E6751
                                                                                                                  • Part of subcall function 640E671F: __CxxThrowException@8.LIBCMT ref: 640E68B8
                                                                                                                • GetDlgItem.USER32(?,00000068), ref: 640E7146
                                                                                                                  • Part of subcall function 640DEDAE: SetWindowTextW.USER32(?,?), ref: 640DEDC5
                                                                                                                • GetDlgItem.USER32(?,00000069), ref: 640E7159
                                                                                                                • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?,?,6410677E,000000FF), ref: 640E7181
                                                                                                                  • Part of subcall function 640EF532: __EH_prolog3.LIBCMT ref: 640EF539
                                                                                                                  • Part of subcall function 640EF532: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,6410677E,000000FF), ref: 640EF555
                                                                                                                  • Part of subcall function 640E6615: CreateWindowExW.USER32(00000008,tooltips_class32,00000000,80000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 640E6636
                                                                                                                  • Part of subcall function 640E6615: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,640E72CF), ref: 640E6648
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • SetDlgItemTextW.USER32(?,00000068,00000000), ref: 640E71AF
                                                                                                                • SetDlgItemTextW.USER32(?,00000069,00000000), ref: 640E71E7
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 640E7263
                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 640E7272
                                                                                                                • GetDlgItem.USER32(?,00000066), ref: 640E72FC
                                                                                                                  • Part of subcall function 640E6655: __EH_prolog3_GS.LIBCMT ref: 640E665C
                                                                                                                  • Part of subcall function 640E6655: _memset.LIBCMT ref: 640E66C3
                                                                                                                  • Part of subcall function 640E6655: GetClientRect.USER32 ref: 640E66E6
                                                                                                                  • Part of subcall function 640E6655: SendMessageW.USER32(00000001,00000432,00000000,?), ref: 640E66FC
                                                                                                                • GetDlgItem.USER32(?,00000067), ref: 640E7352
                                                                                                                  • Part of subcall function 640E6655: RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00000040,640E730F,?,?,?,?,?,?,?,?,?), ref: 640E6713
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Item$Window$H_prolog3Text$LongPath$ClientCreateErrorExceptionException@8ExistsFileH_prolog3_LastMessageRaiseRectRelativeSendShowThrow_memset
                                                                                                                • String ID: IDS_PRINT$IDS_SAVE
                                                                                                                • API String ID: 3758966775-3437764585
                                                                                                                • Opcode ID: c1d58bad3503fbe9e8f6425fb2dd1f3f92c08e67697abc5fc9260ce1393255b7
                                                                                                                • Instruction ID: 44e76124468e6cef6beead7fa298d4e71ba7bc6f613212fd1c902cafb9ebe665
                                                                                                                • Opcode Fuzzy Hash: c1d58bad3503fbe9e8f6425fb2dd1f3f92c08e67697abc5fc9260ce1393255b7
                                                                                                                • Instruction Fuzzy Hash: 048147352047119FDB00DF64C888E5ABBE6FF8A718F104A68F596DB3A1DB31E819CB41
                                                                                                                Function 640E757C Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 149windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E7583
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640E761F
                                                                                                                • GetParent.USER32(?), ref: 640E765D
                                                                                                                • SendMessageW.USER32(00000000,00000472,00000000,00000069), ref: 640E766C
                                                                                                                  • Part of subcall function 640E12AB: CloseHandle.KERNEL32(?,?,640EBB96), ref: 640E12BC
                                                                                                                • GetParent.USER32(?), ref: 640E7682
                                                                                                                  • Part of subcall function 640DF415: GetDlgItem.USER32(?,00003024), ref: 640DF479
                                                                                                                  • Part of subcall function 640DF415: GetWindowLongW.USER32(00000000,000000EB), ref: 640DF484
                                                                                                                  • Part of subcall function 640DF415: SetWindowLongW.USER32(00000000,000000EB,00000001), ref: 640DF4C4
                                                                                                                  • Part of subcall function 640E77A9: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 640E77CF
                                                                                                                  • Part of subcall function 640F83FD: _memcpy_s.LIBCMT ref: 640F844E
                                                                                                                  • Part of subcall function 640EFB4F: __EH_prolog3.LIBCMT ref: 640EFB56
                                                                                                                  • Part of subcall function 640EFB4F: GetParent.USER32(00000001), ref: 640EFB6B
                                                                                                                  • Part of subcall function 640EFB4F: SendMessageW.USER32(00000000,00000481,00000001,00000000), ref: 640EFB78
                                                                                                                  • Part of subcall function 640EFB4F: GetParent.USER32(00000001), ref: 640EFBB5
                                                                                                                  • Part of subcall function 640EFB4F: SendMessageW.USER32(00000000,0000047E,?,?), ref: 640EFBC1
                                                                                                                  • Part of subcall function 640EFB4F: GetParent.USER32(00000001), ref: 640EFBD3
                                                                                                                  • Part of subcall function 640EFB4F: SendMessageW.USER32(00000000,00000480,?,?), ref: 640EFBDF
                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 640E7702
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 640E7720
                                                                                                                • SetWindowLongW.USER32(000000FF,000000F4,00000066), ref: 640E772D
                                                                                                                • GetParent.USER32(000000FF), ref: 640E773C
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 640E7742
                                                                                                                • PostMessageW.USER32(000000FF,000006F5,00000000,00000000), ref: 640E7752
                                                                                                                Strings
                                                                                                                • Failed to initialize items information. engineDataProvider.InitializeItems() returned false, xrefs: 640E75AF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$ParentSend$Window$Long$H_prolog3$CallbackCloseDispatcherException@8HandleItemPostTextThrowUser_memcpy_s
                                                                                                                • String ID: Failed to initialize items information. engineDataProvider.InitializeItems() returned false
                                                                                                                • API String ID: 1640968947-1354499266
                                                                                                                • Opcode ID: d5e9b6c99a98742f9299036b90ccc013c2197fd6a3f54192d97f8402d37646a2
                                                                                                                • Instruction ID: 6b9e7c339d758b1d575fac0b0f72b76e140d215b065eb34f6632b3b056075e59
                                                                                                                • Opcode Fuzzy Hash: d5e9b6c99a98742f9299036b90ccc013c2197fd6a3f54192d97f8402d37646a2
                                                                                                                • Instruction Fuzzy Hash: CF514D75904225DFDB00DFA4C988BAE7BB5FF09318F1441A4E955AF2A2CB319D04CBA0
                                                                                                                Function 6CC2787B Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 96registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC27882
                                                                                                                • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\PCHealth\ErrorReporting\DW\Installed,00000000,00020019,?,00000014,6CC2781A,?,6CC5831D,00000000), ref: 6CC278B2
                                                                                                                • RegQueryValueExW.ADVAPI32(?,DW0200,00000000,00000000,?,?,?,6CC5831D,00000000), ref: 6CC278D8
                                                                                                                • RegCloseKey.ADVAPI32(?,?,6CC5831D,00000000), ref: 6CC278E4
                                                                                                                • GetFileAttributesW.KERNEL32(?,?,6CC5831D,00000000), ref: 6CC278F9
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,?,?,6CC5831D,00000000), ref: 6CC2790E
                                                                                                                • GetFileAttributesW.KERNEL32(?,?,6CC5831D,00000000), ref: 6CC27931
                                                                                                                • GetFileAttributesW.KERNEL32(?,?,6CC5831D,00000000), ref: 6CC2798A
                                                                                                                Strings
                                                                                                                • DW\DW20.exe, xrefs: 6CC2795E
                                                                                                                • Software\Microsoft\PCHealth\ErrorReporting\DW\Installed, xrefs: 6CC278A8
                                                                                                                • DW0200, xrefs: 6CC278C9
                                                                                                                • \Microsoft Shared\DW\DW20.exe, xrefs: 6CC2791D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile$CloseFolderH_prolog3OpenPathQueryValue
                                                                                                                • String ID: DW0200$DW\DW20.exe$Software\Microsoft\PCHealth\ErrorReporting\DW\Installed$\Microsoft Shared\DW\DW20.exe
                                                                                                                • API String ID: 2337823764-2373061612
                                                                                                                • Opcode ID: c3eaa5be7adbcf17b6f13ac3d18898f81e28f3c28990305c0cdfe550bf02bef2
                                                                                                                • Instruction ID: 60161df8f4b381f26c3f15a0e5228010ffef173f77090aacf504662705db9b81
                                                                                                                • Opcode Fuzzy Hash: c3eaa5be7adbcf17b6f13ac3d18898f81e28f3c28990305c0cdfe550bf02bef2
                                                                                                                • Instruction Fuzzy Hash: 34316371A10209AFEF009BA4CCC5FBFBA79FF0531DF100619E520A6691E7398955ABA1
                                                                                                                Function 640DD923 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 228memoryfileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640DD92A
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • PathIsRelativeW.SHLWAPI(00000000,00000000,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DD960
                                                                                                                • GetModuleFileNameW.KERNEL32(00000010,00000104,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DD9BA
                                                                                                                • PathCombineW.SHLWAPI(?,?,?,00000000,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DDA0D
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640DDAAF
                                                                                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001,?,00000000,00000000,00000002,?,80000000,00000001,00000003,00000080,00000000,00000000), ref: 640DDAD0
                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,?), ref: 640DDB07
                                                                                                                • ReadFile.KERNELBASE(?,?,?,?,00000000,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DDB38
                                                                                                                • CloseHandle.KERNELBASE(?,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DDBB5
                                                                                                                Strings
                                                                                                                • ReadXML failed to open XML file %s, with error %d, xrefs: 640DDA8B
                                                                                                                • Could not find mandatory data file %s. This is a bad package., xrefs: 640DDB6E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$H_prolog3Path$AllocCloseCombineException@8HandleModuleNamePointerReadRelativeStringThrow
                                                                                                                • String ID: Could not find mandatory data file %s. This is a bad package.$ReadXML failed to open XML file %s, with error %d
                                                                                                                • API String ID: 3690754453-4172873023
                                                                                                                • Opcode ID: bbb21ddc5fb40e98f76fe82206b18b34f580d07d049419b3851289ecabb888bc
                                                                                                                • Instruction ID: e50edfa9574c8bdd093370f0f19974d1e4ea68f6dd3407d6102a0e9fcd24c7ad
                                                                                                                • Opcode Fuzzy Hash: bbb21ddc5fb40e98f76fe82206b18b34f580d07d049419b3851289ecabb888bc
                                                                                                                • Instruction Fuzzy Hash: B4913971900229EFDF00DFA9C884ADEBBB5FF49328F108525E910B7291DB74A955CFA1
                                                                                                                Function 6CC4473C Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 210commemoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 6CC44746
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC58380: __EH_prolog3.LIBCMT ref: 6CC58387
                                                                                                                  • Part of subcall function 6CC2388B: __EH_prolog3.LIBCMT ref: 6CC23892
                                                                                                                  • Part of subcall function 6CC44464: __EH_prolog3.LIBCMT ref: 6CC4446B
                                                                                                                  • Part of subcall function 6CC44682: __EH_prolog3.LIBCMT ref: 6CC44689
                                                                                                                • CoInitialize.OLE32(00000000), ref: 6CC447F7
                                                                                                                • CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,?,?,?,?,?,6CC23864,?,00000000,00000000,6CC5FA6E,00000738,IronMan::EngineData::CreateEngineData), ref: 6CC44815
                                                                                                                  • Part of subcall function 6CC69D05: GetCommandLineW.KERNEL32(9B5DCFA9,?,00000000,ParameterInfo.xml,?,?,?,00000000,?,?,?,?,ParameterInfo.xml,?,00000000,?), ref: 6CC69D54
                                                                                                                • CoUninitialize.COMBASE(025122C8,00000000,?,?,succeeded,6CC1A794,?,?,?,?,6CC23864,?,00000000,00000000,6CC5FA6E,00000738), ref: 6CC448F0
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 6CC448F9
                                                                                                                • SysAllocString.OLEAUT32(?), ref: 6CC4492E
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC449BE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$String$AllocCommandCreateException@8FreeH_prolog3_catchInitializeInstanceLineThrowUninitialize
                                                                                                                • String ID: IronMan::EngineData::CreateEngineData$ParameterInfo.xml$succeeded$threw exception
                                                                                                                • API String ID: 1482071144-3644667230
                                                                                                                • Opcode ID: a509ab6cbf3ee3ac2204fe9e571124cdda4598178a3a1550c41122323be050a5
                                                                                                                • Instruction ID: 01af632ffcd6c319e5167516bfe334dffb993b609f8d22526680c3569c637bc5
                                                                                                                • Opcode Fuzzy Hash: a509ab6cbf3ee3ac2204fe9e571124cdda4598178a3a1550c41122323be050a5
                                                                                                                • Instruction Fuzzy Hash: 12816C71900249EFCB00DFA8C884EDE7BB9AF49318F248549F514EB741E775DA49CB61
                                                                                                                Function 640E31A0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 183COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E31A7
                                                                                                                  • Part of subcall function 640DD76F: __EH_prolog3.LIBCMT ref: 640DD776
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • _wcschr.LIBCMT ref: 640E31E8
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640E32A2
                                                                                                                  • Part of subcall function 640FDBDB: RaiseException.KERNEL32(?,?,640F9236,?,?,?,?,?,640F9236,?,64107F54,641122B4), ref: 640FDC1D
                                                                                                                • PathIsRelativeW.SHLWAPI(00000000,?,00000000,00000028,640F6F33,?,?,00000000,00000044,640F668B,?,00000000,00000000,?,?,succeeded), ref: 640E32B9
                                                                                                                • PathFileExistsW.SHLWAPI(00000000,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271,00000000), ref: 640E32C6
                                                                                                                • PathFileExistsW.KERNELBASE(?,00000000,?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008), ref: 640E3307
                                                                                                                • PathFileExistsW.KERNELBASE(?,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271,00000000), ref: 640E330A
                                                                                                                  • Part of subcall function 640DCA39: __EH_prolog3.LIBCMT ref: 640DCA40
                                                                                                                  • Part of subcall function 640DCAC2: __EH_prolog3.LIBCMT ref: 640DCAC9
                                                                                                                  • Part of subcall function 640DD170: __EH_prolog3.LIBCMT ref: 640DD177
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Path$ExistsFile$ExceptionException@8RaiseRelativeThrow_wcschr
                                                                                                                • String ID: Successfuly found file %s $UIInfo.xml$UiInfo.xml has INVALID ResourceDLLName %s$^t
                                                                                                                • API String ID: 1926448744-977290811
                                                                                                                • Opcode ID: 7b5820617c6fe053f2852f8c3769567d6b1f142b67d5603c10f390cdba0ab407
                                                                                                                • Instruction ID: 992a56ebdb98d8aa8866b6d779a66561f665257a10bc6a4ff46724ee909dd360
                                                                                                                • Opcode Fuzzy Hash: 7b5820617c6fe053f2852f8c3769567d6b1f142b67d5603c10f390cdba0ab407
                                                                                                                • Instruction Fuzzy Hash: 56715F72900269EFDF00DBE8CD84BEEBBB9BF0531CF144555E850A7291DB34AA19CB61
                                                                                                                Function 640EBF84 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 80windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 640EBF93
                                                                                                                • GetForegroundWindow.USER32 ref: 640EBFBB
                                                                                                                • SetForegroundWindow.USER32(?), ref: 640EBFF4
                                                                                                                • IsWindowVisible.USER32(?), ref: 640EBFD3
                                                                                                                  • Part of subcall function 640DB93E: __EH_prolog3.LIBCMT ref: 640DB945
                                                                                                                • _memset.LIBCMT ref: 640EC021
                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000000,?), ref: 640EC043
                                                                                                                • GetMenuItemInfoW.USER32(00000000), ref: 640EC04A
                                                                                                                • PostMessageW.USER32(?,0000067C,00000000,00000000), ref: 640EC080
                                                                                                                Strings
                                                                                                                • WM_ACTIVATEAPP: Focus stealer's windows WAS visible, NOT taking back focus, xrefs: 640EBFFF
                                                                                                                • 0, xrefs: 640EC035
                                                                                                                • WM_ACTIVATEAPP: Focus stealer's windows was NOT visible, taking back focus, xrefs: 640EBFE3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ForegroundMenu$H_prolog3InfoItemLongMessagePostSystemVisible_memset
                                                                                                                • String ID: 0$WM_ACTIVATEAPP: Focus stealer's windows WAS visible, NOT taking back focus$WM_ACTIVATEAPP: Focus stealer's windows was NOT visible, taking back focus
                                                                                                                • API String ID: 105400089-2282623533
                                                                                                                • Opcode ID: bdf1dda186de4be3b8d75be04a56b49d88e2f3173be09b12a20653f38fe6d8af
                                                                                                                • Instruction ID: d9a13316d7a657f844af885fb9577448217738256ab06c23ab5d8431af728d6c
                                                                                                                • Opcode Fuzzy Hash: bdf1dda186de4be3b8d75be04a56b49d88e2f3173be09b12a20653f38fe6d8af
                                                                                                                • Instruction Fuzzy Hash: 43215E31548329BFEF205F60DC09BAD3FA4EB04765F108024FA18A91D1DB729564DF99
                                                                                                                Function 640F6EE2 Relevance: 17.9, APIs: 1, Strings: 9, Instructions: 369COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F6EE9
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E31A0: __EH_prolog3.LIBCMT ref: 640E31A7
                                                                                                                  • Part of subcall function 640E31A0: _wcschr.LIBCMT ref: 640E31E8
                                                                                                                  • Part of subcall function 640E31A0: __CxxThrowException@8.LIBCMT ref: 640E32A2
                                                                                                                  • Part of subcall function 640E31A0: PathIsRelativeW.SHLWAPI(00000000,?,00000000,00000028,640F6F33,?,?,00000000,00000044,640F668B,?,00000000,00000000,?,?,succeeded), ref: 640E32B9
                                                                                                                  • Part of subcall function 640E31A0: PathFileExistsW.SHLWAPI(00000000,?,?,?,640F2A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,640EE271,00000000), ref: 640E32C6
                                                                                                                  • Part of subcall function 640E45DE: __EH_prolog3.LIBCMT ref: 640E45E5
                                                                                                                  • Part of subcall function 640E60C9: __EH_prolog3.LIBCMT ref: 640E60D0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Path$Exception@8ExistsFileRelativeThrow_wcschr
                                                                                                                • String ID: ?$EulaPage$FinishPage$MaintenanceModePage$ProgressPage$ResourceDll$SystemRequirementsPage$WelcomePage$Windows
                                                                                                                • API String ID: 1182493169-944454811
                                                                                                                • Opcode ID: 7ab478f1a7f599f75c563095a3fb75d2fc9fbff00915a01d10fb5e0d18ebf17d
                                                                                                                • Instruction ID: 099c3217e668845216e5e80b6831a9faddfdc3417d322d9e145616ba879ac55d
                                                                                                                • Opcode Fuzzy Hash: 7ab478f1a7f599f75c563095a3fb75d2fc9fbff00915a01d10fb5e0d18ebf17d
                                                                                                                • Instruction Fuzzy Hash: 34F14C7190025DEFEF01DBE8C944BEEBBB8AF09318F144159E554E7281DB35EA0ADB21
                                                                                                                Function 6CC3E30E Relevance: 17.9, APIs: 2, Strings: 8, Instructions: 365COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC3E315
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC28415: __EH_prolog3.LIBCMT ref: 6CC2841C
                                                                                                                  • Part of subcall function 6CC2A378: __EH_prolog3.LIBCMT ref: 6CC2A37F
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC3E62B
                                                                                                                  • Part of subcall function 6CC814AA: KiUserExceptionDispatcher.NTDLL(?,?,6CC7C129,00000C00,?,?,?,?,6CC7C129,00000C00,6CC9BA3C,6CCB76D4,00000C00,00000020,6CC5F845,?), ref: 6CC814EC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$DispatcherExceptionException@8ThrowUser
                                                                                                                • String ID: ActionTable$ApplicableIf$Compressed$Compressed items need to have URL and CompressedDownloadSize authored.$File$IsPresent$ParameterInfo.xml$schema validation failure: wrong number of File child nodes!
                                                                                                                • API String ID: 3417717588-3917201069
                                                                                                                • Opcode ID: 9167367959bb9fe5134ddb3e27771bf578d8815392e546ff993cbc87f0a6e803
                                                                                                                • Instruction ID: 77f9368ed948a91a21984fc89a69ba04ee43ee574a66219c38f36e025495881f
                                                                                                                • Opcode Fuzzy Hash: 9167367959bb9fe5134ddb3e27771bf578d8815392e546ff993cbc87f0a6e803
                                                                                                                • Instruction Fuzzy Hash: 95E17371A05249EFDB04CFA8D944ADDBBB8BF09318F148159F418EB740EB35EA09CB65
                                                                                                                Function 6CC44AD9 Relevance: 17.8, APIs: 2, Strings: 8, Instructions: 314COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC44AE0
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC289B7: __EH_prolog3.LIBCMT ref: 6CC289BE
                                                                                                                  • Part of subcall function 6CC289B7: __CxxThrowException@8.LIBCMT ref: 6CC28A89
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC44E3F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw
                                                                                                                • String ID: Blockers$Configuration$EnterMaintenanceModeIf$Items$ParameterInfo.xml$Setup$SystemCheck$schema validation failure: wrong number of child elements under top level Setup element
                                                                                                                • API String ID: 2489616738-3586895666
                                                                                                                • Opcode ID: 3621f0b7ce3efa66c497264bdabeca6215c8adab4df973afb477a52fec2e76ce
                                                                                                                • Instruction ID: dd01f185e4c9c783c63fbdb0b988309f2bf350cf4901638d232da42b854841cf
                                                                                                                • Opcode Fuzzy Hash: 3621f0b7ce3efa66c497264bdabeca6215c8adab4df973afb477a52fec2e76ce
                                                                                                                • Instruction Fuzzy Hash: 93C13B71901249AFCB00DFA8C944EEEBBB9AF09318F148559F525E7781EB34DA09CB61
                                                                                                                Function 6CC36440 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 236COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC36447
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2A1FF: __EH_prolog3_catch.LIBCMT ref: 6CC2A206
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC36666
                                                                                                                  • Part of subcall function 6CC2838A: __EH_prolog3.LIBCMT ref: 6CC28391
                                                                                                                  • Part of subcall function 6CC28415: __EH_prolog3.LIBCMT ref: 6CC2841C
                                                                                                                Strings
                                                                                                                • HashValue, xrefs: 6CC3649E
                                                                                                                • DownloadSize, xrefs: 6CC364E3
                                                                                                                • CompressedDownloadSize, xrefs: 6CC36571
                                                                                                                • ParameterInfo.xml, xrefs: 6CC365E8, 6CC36688
                                                                                                                • URL, xrefs: 6CC36453
                                                                                                                • schema validation failure: If URL is present then there must be a DownloadSize, xrefs: 6CC365DA
                                                                                                                • CompressedHashValue, xrefs: 6CC3652C
                                                                                                                • schema validation failure: If HashValue is present then it must be a 64 hex-digit string, xrefs: 6CC3667A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8H_prolog3_catchThrow
                                                                                                                • String ID: CompressedDownloadSize$CompressedHashValue$DownloadSize$HashValue$ParameterInfo.xml$URL$schema validation failure: If HashValue is present then it must be a 64 hex-digit string$schema validation failure: If URL is present then there must be a DownloadSize
                                                                                                                • API String ID: 24280941-3047338099
                                                                                                                • Opcode ID: 6bb0fdd556006fac0030f74d03b6e76f1d74663da5757c3f45ceced51c655710
                                                                                                                • Instruction ID: 9f8a4fa75f12e313d30823d5b0c80835a743d1b1e190eececc4311fe45fcc106
                                                                                                                • Opcode Fuzzy Hash: 6bb0fdd556006fac0030f74d03b6e76f1d74663da5757c3f45ceced51c655710
                                                                                                                • Instruction Fuzzy Hash: E9A15F71900649EFCB10DFA8C944EEEBBB9BF05318F244559E155EB790EB34EA08CB61
                                                                                                                Function 6CC66782 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 235comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC66789
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC6988C: __EH_prolog3.LIBCMT ref: 6CC69893
                                                                                                                  • Part of subcall function 6CC6988C: GetCommandLineW.KERNEL32(0000002C,6CC6D52A,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC698B4
                                                                                                                  • Part of subcall function 6CC6988C: PathIsRelativeW.SHLWAPI(?,?,?,00000000,?,UiInfo.xml,?,?,00000000,?), ref: 6CC6996E
                                                                                                                  • Part of subcall function 6CC2A8CC: __EH_prolog3.LIBCMT ref: 6CC2A8D3
                                                                                                                  • Part of subcall function 6CC2A8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A90B
                                                                                                                  • Part of subcall function 6CC2A8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A964
                                                                                                                  • Part of subcall function 6CC2A8CC: __CxxThrowException@8.LIBCMT ref: 6CC2AA28
                                                                                                                • CoInitialize.OLE32(00000000), ref: 6CC667DD
                                                                                                                • CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,6CC5FA6E,?,?,?,UiInfo.xml,?,00000000,00000044,6CC636D8,025122C8,?,00000000), ref: 6CC667FB
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC66A24
                                                                                                                • CoUninitialize.COMBASE(?,6CC9BE00,?,?,?,UiInfo.xml,?,00000000,00000044,6CC636D8,025122C8,?,00000000,?), ref: 6CC66A3A
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC66A43
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8PathRelativeThrow$CommandCreateFileFreeInitializeInstanceLineModuleNameStringUninitialize
                                                                                                                • String ID: LCIDHints$ParameterInfo.xml$UiInfo.xml$Xml Document load failure
                                                                                                                • API String ID: 2432735026-2443555527
                                                                                                                • Opcode ID: dca5cd9fd791cd40954dc6eaa83c1e2e7ab905c9d7805d0a7022bbe1244d49ae
                                                                                                                • Instruction ID: 78112565a81b375dbf04ffa9e50d53326c2d8be103dcd9f6e5c49f16a259af3d
                                                                                                                • Opcode Fuzzy Hash: dca5cd9fd791cd40954dc6eaa83c1e2e7ab905c9d7805d0a7022bbe1244d49ae
                                                                                                                • Instruction Fuzzy Hash: BA916D71900548EFCB00DBE8C984EEDBBB9AF49308F244189E555EBB41E7359E49CB61
                                                                                                                Function 6CC29F34 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 223memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC29F3B
                                                                                                                • VariantInit.OLEAUT32(00000003), ref: 6CC29F49
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC29F83
                                                                                                                  • Part of subcall function 6CC6964C: __get_errno.LIBCMT ref: 6CC6966C
                                                                                                                  • Part of subcall function 6CC6964C: __wcstoui64.LIBCMT ref: 6CC6968F
                                                                                                                  • Part of subcall function 6CC6964C: __get_errno.LIBCMT ref: 6CC696A1
                                                                                                                • __ui64tow_s.LIBCMT ref: 6CC29FEF
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC2A0BC
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 6CC2A0C2
                                                                                                                • VariantClear.OLEAUT32(?), ref: 6CC2A0E9
                                                                                                                Strings
                                                                                                                • Name, xrefs: 6CC2A121
                                                                                                                • schema validation failure: attribute %s missing for %s %s, xrefs: 6CC2A17B
                                                                                                                • schema validation failure: %s is invalid, a non-negitive numeric value is required for %s, xrefs: 6CC2A03C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: StringVariant__get_errno$AllocClearException@8FreeH_prolog3InitThrow__ui64tow_s__wcstoui64
                                                                                                                • String ID: Name$schema validation failure: %s is invalid, a non-negitive numeric value is required for %s$schema validation failure: attribute %s missing for %s %s
                                                                                                                • API String ID: 1723289333-1070666262
                                                                                                                • Opcode ID: 107368f648d0870f95cbfe80d39af635d1f74af693754d8b1d9e4395a33611e7
                                                                                                                • Instruction ID: 81fc1f3403427536de49b353364cc723921353b304bd7aa2e2a8d2ece9c8855c
                                                                                                                • Opcode Fuzzy Hash: 107368f648d0870f95cbfe80d39af635d1f74af693754d8b1d9e4395a33611e7
                                                                                                                • Instruction Fuzzy Hash: 55915871900249EFCF01DFA8C944EDEBBB9BF09318F14455AE515AB691EB34DA08CB61
                                                                                                                Function 6CC2A8CC Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 210filememoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC2A8D3
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A90B
                                                                                                                • GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A964
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC2AA28
                                                                                                                • SetFilePointer.KERNEL32(?,00000000,6CC1A794,00000001,?,00000000,00000000,00000002,?,80000000,00000001,00000003,00000080,00000000,00000000,?), ref: 6CC2AA49
                                                                                                                • ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2AA97
                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,?), ref: 6CC2AAAC
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2AB2C
                                                                                                                Strings
                                                                                                                • ReadXML failed to open XML file %s, with error %d, xrefs: 6CC2AA07
                                                                                                                • Could not find mandatory data file %s. This is a bad package., xrefs: 6CC2AAE5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$H_prolog3$AllocCloseException@8HandleModuleNamePathPointerReadRelativeStringThrow
                                                                                                                • String ID: Could not find mandatory data file %s. This is a bad package.$ReadXML failed to open XML file %s, with error %d
                                                                                                                • API String ID: 3768868350-4172873023
                                                                                                                • Opcode ID: c7ca9f913463efb28e8361519bf911ce40c40b588ee65cb092dc6d6e30234299
                                                                                                                • Instruction ID: 677bed31625cabe090b616419ee8de99e4fef4e0bd4df0b242d49e85e6f79cc5
                                                                                                                • Opcode Fuzzy Hash: c7ca9f913463efb28e8361519bf911ce40c40b588ee65cb092dc6d6e30234299
                                                                                                                • Instruction Fuzzy Hash: C3812871900209EFCF10DFA9C884EEEBBB9FF49318F14451AE511B7690E7399A15CBA0
                                                                                                                Function 6CC5A78F Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 160COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC5A796
                                                                                                                  • Part of subcall function 6CC2C5D4: __EH_prolog3.LIBCMT ref: 6CC2C5DB
                                                                                                                  • Part of subcall function 6CC2C5D4: GetLastError.KERNEL32 ref: 6CC2C609
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC61236: __EH_prolog3.LIBCMT ref: 6CC6123D
                                                                                                                • GetLastError.KERNEL32 ref: 6CC5A83B
                                                                                                                • GetLastError.KERNEL32 ref: 6CC5A8F4
                                                                                                                • GetLastError.KERNEL32 ref: 6CC5A95B
                                                                                                                Strings
                                                                                                                • Failed to record PackageName, xrefs: 6CC5A7B8
                                                                                                                • Failed to record PatchType, xrefs: 6CC5A90E
                                                                                                                • Failed to record InstallerVersion, xrefs: 6CC5A8B0
                                                                                                                • Failed to record DisplayedLcidId, xrefs: 6CC5A855
                                                                                                                • Failed to record PackageVersion, xrefs: 6CC5A7F7
                                                                                                                • Failed to record IsRetailBuild, xrefs: 6CC5A975
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorH_prolog3Last
                                                                                                                • String ID: Failed to record DisplayedLcidId$Failed to record InstallerVersion$Failed to record IsRetailBuild$Failed to record PackageName$Failed to record PackageVersion$Failed to record PatchType
                                                                                                                • API String ID: 685212868-335235891
                                                                                                                • Opcode ID: a4ad73e47bd7044dbdb3898f3ab6abd61c47153c9cf47346dd666ace6a96bd22
                                                                                                                • Instruction ID: b012837df882b3b9b58de74bc78d21e8773e48486c60788c0079a19732d117ed
                                                                                                                • Opcode Fuzzy Hash: a4ad73e47bd7044dbdb3898f3ab6abd61c47153c9cf47346dd666ace6a96bd22
                                                                                                                • Instruction Fuzzy Hash: A051A171100208AFDB10DFA5CA44FDA3BBAFF85358F508118B914DBB90EB30D619DB64
                                                                                                                Function 6CC5A2DD Relevance: 16.8, APIs: 5, Strings: 6, Instructions: 271COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC2C53D: GetLastError.KERNEL32(?,6CC5A320,9B5DCFA9,?,?), ref: 6CC2C55E
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC61236: __EH_prolog3.LIBCMT ref: 6CC6123D
                                                                                                                • GetLastError.KERNEL32 ref: 6CC5A393
                                                                                                                • GetLastError.KERNEL32 ref: 6CC5A434
                                                                                                                • GetLastError.KERNEL32 ref: 6CC5A4A7
                                                                                                                • GetLastError.KERNEL32 ref: 6CC5A511
                                                                                                                • GetLastError.KERNEL32 ref: 6CC5A5A5
                                                                                                                Strings
                                                                                                                • Failed to record MPC, xrefs: 6CC5A5BB
                                                                                                                • Failed to record SetMachineId, xrefs: 6CC5A461
                                                                                                                • Failed to record StartupAppid, xrefs: 6CC5A4C1
                                                                                                                • Failed to record StartSession, xrefs: 6CC5A322
                                                                                                                • Failed to record current state name, xrefs: 6CC5A52B
                                                                                                                • Failed to record SetUserId, xrefs: 6CC5A3C0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$H_prolog3
                                                                                                                • String ID: Failed to record MPC$Failed to record SetMachineId$Failed to record SetUserId$Failed to record StartSession$Failed to record StartupAppid$Failed to record current state name
                                                                                                                • API String ID: 3502553090-2804495384
                                                                                                                • Opcode ID: 6153a5c1450d39e2e5b261f58b0b6f9da9d817cc4de314f7f241c9a5386357c2
                                                                                                                • Instruction ID: a366c0e9de97418734f6270dba5b70b51a1fc3c9fc65d253140f722feee100c4
                                                                                                                • Opcode Fuzzy Hash: 6153a5c1450d39e2e5b261f58b0b6f9da9d817cc4de314f7f241c9a5386357c2
                                                                                                                • Instruction Fuzzy Hash: D3A1A1712042419FD720CF66C984BAA7BE9EF84368F400A1CF591D7AA1E734D919CBA6
                                                                                                                Function 6CC42127 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 317COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC4212E
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC42484
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw
                                                                                                                • String ID: CopyPackageFilesToDownloadLocation$DelayBetweenRetries$DownloadRetries$Items$No items found. The package must contain at least one item.$ParameterInfo.xml$true
                                                                                                                • API String ID: 2489616738-2573507987
                                                                                                                • Opcode ID: 3b997581128062c506dff73aff52e68b8a0923e90da809b5cc350c9deabaa7ef
                                                                                                                • Instruction ID: 0c2221d60abdee11796cdddf9ed255386a6d42f27e491479aa0a7039ab2565f7
                                                                                                                • Opcode Fuzzy Hash: 3b997581128062c506dff73aff52e68b8a0923e90da809b5cc350c9deabaa7ef
                                                                                                                • Instruction Fuzzy Hash: 93D13C70900249DFCF05CFA8C895AEEBBB9BF49318F148199E514EB781D734DA49CBA1
                                                                                                                Function 6E3332BC Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 303COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E333302
                                                                                                                  • Part of subcall function 6E333679: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,6E33332F,?), ref: 6E333683
                                                                                                                  • Part of subcall function 6E333679: OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,?,?,6E33332F,?), ref: 6E3336B3
                                                                                                                  • Part of subcall function 6E333679: ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 6E3336D5
                                                                                                                  • Part of subcall function 6E333679: CloseHandle.KERNEL32(?,?,00000001,?,?,?,?,6E33332F,?), ref: 6E3336E0
                                                                                                                • EnterCriticalSection.KERNEL32(6E350168,?), ref: 6E333334
                                                                                                                • LeaveCriticalSection.KERNEL32(6E350168,00000400,?), ref: 6E3333F5
                                                                                                                • LocalFree.KERNEL32(00000000), ref: 6E33340C
                                                                                                                • SetLastError.KERNEL32(00000057), ref: 6E33341F
                                                                                                                  • Part of subcall function 6E3317EB: malloc.MSVCRT ref: 6E3317F6
                                                                                                                • ctype.LIBCPMT ref: 6E33EDDC
                                                                                                                  • Part of subcall function 6E33343E: GetSystemTime.KERNEL32(00000000,00000838,00000000), ref: 6E33347D
                                                                                                                  • Part of subcall function 6E33343E: SystemTimeToFileTime.KERNEL32(00000000,00000000), ref: 6E33348B
                                                                                                                  • Part of subcall function 6E3330D2: InterlockedIncrement.KERNEL32(00000000), ref: 6E3330D8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$CriticalProcessSectionSystem$CloseConvertCurrentEnterErrorFileFreeHandleIncrementInterlockedLastLeaveLocalOpenStringTokenctypemallocmemset
                                                                                                                • String ID: %s_%s$W
                                                                                                                • API String ID: 2889056228-4070589124
                                                                                                                • Opcode ID: ebc6773f60143c1651770684805421cac86caaf3454747ae51c2948a239b4514
                                                                                                                • Instruction ID: 76c441cd53622b458b50fc515af9a9da8aa25ae93891119244583e41b845b292
                                                                                                                • Opcode Fuzzy Hash: ebc6773f60143c1651770684805421cac86caaf3454747ae51c2948a239b4514
                                                                                                                • Instruction Fuzzy Hash: 56C170319003A8DFDBA19F95CC94FDA7BF9BF04348F208495E495A6261DB729E84CF90
                                                                                                                Function 6CC53657 Relevance: 15.1, APIs: 10, Instructions: 118COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,6CC57418,6CC57420,00000002,6CC1A5CC,10000000,00000000), ref: 6CC53693
                                                                                                                • _malloc.LIBCMT ref: 6CC536A4
                                                                                                                • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,6CC1A5CC,10000000,00000000), ref: 6CC536BE
                                                                                                                • _free.LIBCMT ref: 6CC536D2
                                                                                                                • GetAclInformation.ADVAPI32(00000000,6CC57424,0000000C,00000002), ref: 6CC53707
                                                                                                                • _malloc.LIBCMT ref: 6CC53714
                                                                                                                • _memcpy_s.LIBCMT ref: 6CC5372D
                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 6CC53752
                                                                                                                • _free.LIBCMT ref: 6CC53764
                                                                                                                • _free.LIBCMT ref: 6CC53772
                                                                                                                  • Part of subcall function 6CC537C3: MakeAbsoluteSD.ADVAPI32(?,00000000,6CC1A5CC,00000000,6CC5740C,00000000,6CC57410,00000000,6CC57414,00000000,6CC57418,?,6CC1A590,6CC1A5CC,10000000,00000000), ref: 6CC53828
                                                                                                                  • Part of subcall function 6CC537C3: GetLastError.KERNEL32 ref: 6CC5382E
                                                                                                                  • Part of subcall function 6CC537C3: _malloc.LIBCMT ref: 6CC53841
                                                                                                                  • Part of subcall function 6CC537C3: _malloc.LIBCMT ref: 6CC53852
                                                                                                                  • Part of subcall function 6CC537C3: _malloc.LIBCMT ref: 6CC53868
                                                                                                                  • Part of subcall function 6CC537C3: _malloc.LIBCMT ref: 6CC5387E
                                                                                                                  • Part of subcall function 6CC537C3: _malloc.LIBCMT ref: 6CC53895
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _malloc$DescriptorSecurity_free$Dacl$AbsoluteErrorInformationInitializeLastMake_memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 1365157220-0
                                                                                                                • Opcode ID: f39df119ffba3e10c384545d5c957eb8c5ad970b552bd23137fe5b819d002c4b
                                                                                                                • Instruction ID: 7345e9f4f446c71e1dad5dfc32363f64708c0c5e714007d12bd555bbfd915e06
                                                                                                                • Opcode Fuzzy Hash: f39df119ffba3e10c384545d5c957eb8c5ad970b552bd23137fe5b819d002c4b
                                                                                                                • Instruction Fuzzy Hash: DD31D7B1A042057FEB105BB58D55EAEB6B8FB0035CB58452DE511E3A80FF31D8348A64
                                                                                                                Function 6CC72B01 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 345COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                • File %s (%s), failed authentication. (Error = %d). It is recommended that you delete this file and retry setup again., xrefs: 6CC72CF1
                                                                                                                • File lock postponed for %s., xrefs: 6CC72D73
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: File %s (%s), failed authentication. (Error = %d). It is recommended that you delete this file and retry setup again.$File lock postponed for %s.
                                                                                                                • API String ID: 0-2368451233
                                                                                                                • Opcode ID: e4f18e369fda17b1d6f89e6377e58c06553aa3147e422c2afa955756c7a846d3
                                                                                                                • Instruction ID: d543d376a7d62159a06a131e5777f24fe90c5516218a3ea8ab3f02e287c9cb75
                                                                                                                • Opcode Fuzzy Hash: e4f18e369fda17b1d6f89e6377e58c06553aa3147e422c2afa955756c7a846d3
                                                                                                                • Instruction Fuzzy Hash: 83C16A721082419FC720DF69C844E9BBBE4FF85728F040B59F5A4A7B91E770D909CBA2
                                                                                                                Function 6CC2AC58 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 298memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC2AC5F
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC2AD66
                                                                                                                • SysAllocString.OLEAUT32(-00000010), ref: 6CC2AE70
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC2AF3F
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC58CD5: __EH_prolog3.LIBCMT ref: 6CC58CDC
                                                                                                                  • Part of subcall function 6CC2838A: __EH_prolog3.LIBCMT ref: 6CC28391
                                                                                                                  • Part of subcall function 6CC28415: __EH_prolog3.LIBCMT ref: 6CC2841C
                                                                                                                Strings
                                                                                                                • ExpressionAlias, xrefs: 6CC2ACAC, 6CC2ADEA
                                                                                                                • schema validation failure: ExpressionAlias's Id not defined or defined too many times: , xrefs: 6CC2AEBF
                                                                                                                • schema validation failure: Invalid ExpressionAlias or Id not found: , xrefs: 6CC2AF84
                                                                                                                • //*[@Id='%s'], xrefs: 6CC2AD26
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$String$AllocException@8FreeThrow
                                                                                                                • String ID: //*[@Id='%s']$ExpressionAlias$schema validation failure: ExpressionAlias's Id not defined or defined too many times: $schema validation failure: Invalid ExpressionAlias or Id not found:
                                                                                                                • API String ID: 191698298-1025498756
                                                                                                                • Opcode ID: c80ad50c1d6bda660178a6fa18ed68ca3c111998d7eeb13ff4b58fd70ca65efc
                                                                                                                • Instruction ID: 7e3d1e0c998d4d4f38797ba90b8d79ba590dc385297399a6c83c7dc6d7188697
                                                                                                                • Opcode Fuzzy Hash: c80ad50c1d6bda660178a6fa18ed68ca3c111998d7eeb13ff4b58fd70ca65efc
                                                                                                                • Instruction Fuzzy Hash: 84C15971900249EFCB00DFE8C984EEEBBB9BF49308F244559E511EB781E7359A49CB60
                                                                                                                Function 6CC6D446 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 206COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 6CC6D44D
                                                                                                                • GetCommandLineW.KERNEL32(0000006C,6CC6B3B6,?,00000738,6CC5FA6E,?,6CC1A794,025122C8), ref: 6CC6D48E
                                                                                                                  • Part of subcall function 6CC23E77: __EH_prolog3.LIBCMT ref: 6CC23E7E
                                                                                                                  • Part of subcall function 6CC23A16: __EH_prolog3.LIBCMT ref: 6CC23A1D
                                                                                                                • CoInitialize.OLE32(00000000), ref: 6CC6D4EF
                                                                                                                • CoUninitialize.COMBASE(?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC6D6A9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CommandH_prolog3_catchInitializeLineUninitialize
                                                                                                                • String ID: Hide$SplashScreen$UiInfo.xml$nosplashscreen
                                                                                                                • API String ID: 1338294413-2964427009
                                                                                                                • Opcode ID: 80ef638883ccce5a2cf4af6c8608c8b7fcc5208b6b670042bfafa26ad4f070e0
                                                                                                                • Instruction ID: f0f65e2aec9cd7b272d53f1dbf667d4273ad2588d126fc618791866880c8a6f8
                                                                                                                • Opcode Fuzzy Hash: 80ef638883ccce5a2cf4af6c8608c8b7fcc5208b6b670042bfafa26ad4f070e0
                                                                                                                • Instruction Fuzzy Hash: 7F817071904248DBDF01DFE9C984BDEBBB8AF05308F244599E544EBB81EB35DA09CB61
                                                                                                                Function 640DDBFF Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 174comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640DDC06
                                                                                                                  • Part of subcall function 640DD923: __EH_prolog3.LIBCMT ref: 640DD92A
                                                                                                                  • Part of subcall function 640DD923: PathIsRelativeW.SHLWAPI(00000000,00000000,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DD960
                                                                                                                  • Part of subcall function 640DD923: GetModuleFileNameW.KERNEL32(00000010,00000104,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DD9BA
                                                                                                                  • Part of subcall function 640DD923: PathCombineW.SHLWAPI(?,?,?,00000000,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DDA0D
                                                                                                                • CoCreateInstance.OLE32(640D7930,00000000,00000017,640D7970,?,?,?,?,00000030,640E62D8), ref: 640DDC48
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 640DDC69
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640DDE1D: __EH_prolog3.LIBCMT ref: 640DDE24
                                                                                                                  • Part of subcall function 640DDE1D: SysFreeString.OLEAUT32(00000000), ref: 640DDE6B
                                                                                                                  • Part of subcall function 640DCA39: __EH_prolog3.LIBCMT ref: 640DCA40
                                                                                                                  • Part of subcall function 640DCAC2: __EH_prolog3.LIBCMT ref: 640DCAC9
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640DDD4B
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 640DDD87
                                                                                                                  • Part of subcall function 640DB93E: __EH_prolog3.LIBCMT ref: 640DB945
                                                                                                                Strings
                                                                                                                • m_spDoc->get_documentElement() failed. Parse error is: %s, xrefs: 640DDD19
                                                                                                                • m_spDoc->loadXML() failed. Parse error is: %s, xrefs: 640DDDFE
                                                                                                                • CoCreateInstance(__uuidof(DOMDocument30)) failed with hr=%d, xrefs: 640DDC58
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$FreeString$Path$CombineCreateException@8FileInstanceModuleNameRelativeThrow
                                                                                                                • String ID: CoCreateInstance(__uuidof(DOMDocument30)) failed with hr=%d$m_spDoc->get_documentElement() failed. Parse error is: %s$m_spDoc->loadXML() failed. Parse error is: %s
                                                                                                                • API String ID: 3627190661-2525052916
                                                                                                                • Opcode ID: ba985ee71bd1a9ae8b8a77b1be468c6a9bf1a4e0cbbcca0256e8b6424a3ec6c8
                                                                                                                • Instruction ID: 01430df6b5a3601ddc2013cd00eab78e0f9c293c50b04f917e6d224bff731ef2
                                                                                                                • Opcode Fuzzy Hash: ba985ee71bd1a9ae8b8a77b1be468c6a9bf1a4e0cbbcca0256e8b6424a3ec6c8
                                                                                                                • Instruction Fuzzy Hash: F6616F72800269EFDF00DFE8CD84BEEBBB8AF19308F544159E555A7291D734AA09CB61
                                                                                                                Function 6CC29C3A Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 174COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC29C41
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC29D24
                                                                                                                • __fassign.LIBCMT ref: 6CC29D58
                                                                                                                • _wcstoul.LIBCMT ref: 6CC29D65
                                                                                                                  • Part of subcall function 6CC7B6D0: wcstoxl.LIBCMT ref: 6CC7B6E0
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2838A: __EH_prolog3.LIBCMT ref: 6CC28391
                                                                                                                • __get_errno.LIBCMT ref: 6CC29D74
                                                                                                                Strings
                                                                                                                • schema validation failure: non-numeric value, %s, for %s, xrefs: 6CC29DB1
                                                                                                                • ", xrefs: 6CC29D88
                                                                                                                • schema validation failure: empty value, %s, for %s, xrefs: 6CC29CA1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw__fassign__get_errno_wcstoulwcstoxl
                                                                                                                • String ID: "$schema validation failure: empty value, %s, for %s$schema validation failure: non-numeric value, %s, for %s
                                                                                                                • API String ID: 2631245360-326575430
                                                                                                                • Opcode ID: 70a4f4deb9c02dd129e7dabadf93f18482e0a3d58cda1855d3f7eacc6e9cfa6b
                                                                                                                • Instruction ID: c78d83173763c6d9a7bd5cd64ceab9e6d38905b9bb6afb65ea697dd61c77a1a5
                                                                                                                • Opcode Fuzzy Hash: 70a4f4deb9c02dd129e7dabadf93f18482e0a3d58cda1855d3f7eacc6e9cfa6b
                                                                                                                • Instruction Fuzzy Hash: 87615E71900149EFCF00DFE8C884EEEBBB9FF05318F14859AE111AB641EB349A49DB61
                                                                                                                Function 6CC551C0 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 154COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 6CC551C7
                                                                                                                • CoInitialize.OLE32(00000000), ref: 6CC551DC
                                                                                                                  • Part of subcall function 6CC78859: SysStringByteLen.OLEAUT32(00000000), ref: 6CC78860
                                                                                                                  • Part of subcall function 6CC78859: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 6CC78869
                                                                                                                  • Part of subcall function 6CC2B00D: __EH_prolog3.LIBCMT ref: 6CC2B014
                                                                                                                  • Part of subcall function 6CC2B00D: SysFreeString.OLEAUT32(?), ref: 6CC2B044
                                                                                                                • CoUninitialize.COMBASE(?,?,00000000,?,?,?,?,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml,?,?), ref: 6CC5538C
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2A6DB: __EH_prolog3.LIBCMT ref: 6CC2A6E2
                                                                                                                  • Part of subcall function 6CC2A6DB: SysFreeString.OLEAUT32(?), ref: 6CC2A72B
                                                                                                                  • Part of subcall function 6CC2A7C3: __EH_prolog3.LIBCMT ref: 6CC2A7CA
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC55343
                                                                                                                Strings
                                                                                                                • //BlockIf[@ID], xrefs: 6CC55218
                                                                                                                • ParameterInfo.xml, xrefs: 6CC552FE
                                                                                                                • BlockIf/@ID cannot contain any token (#(loc.[Name]) references. BlockIf/@ID=", xrefs: 6CC552CB
                                                                                                                • #(loc., xrefs: 6CC552B7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3String$ByteFree$AllocException@8H_prolog3_catchInitializeThrowUninitialize
                                                                                                                • String ID: #(loc.$//BlockIf[@ID]$BlockIf/@ID cannot contain any token (#(loc.[Name]) references. BlockIf/@ID="$ParameterInfo.xml
                                                                                                                • API String ID: 3727013976-3244902561
                                                                                                                • Opcode ID: 43e090b8511a72be2108be1797e88c1d0ef96894b9ef75b4b1cae9c80f7a5aaf
                                                                                                                • Instruction ID: 245a6983f3ea6e617b2298c59ef3b99a7b0bbb99a262a8ca183f1083045db960
                                                                                                                • Opcode Fuzzy Hash: 43e090b8511a72be2108be1797e88c1d0ef96894b9ef75b4b1cae9c80f7a5aaf
                                                                                                                • Instruction Fuzzy Hash: 55515071D0014CEFCB00DBE8C884EDEBBB9AF55318F644159E115EBA80EB349A5ACB65
                                                                                                                Function 6CC350D5 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 140comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 6CC350DC
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC58380: __EH_prolog3.LIBCMT ref: 6CC58387
                                                                                                                  • Part of subcall function 6CC2388B: __EH_prolog3.LIBCMT ref: 6CC23892
                                                                                                                • CoInitialize.OLE32(00000000), ref: 6CC3512A
                                                                                                                • CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,00000738,?,?,?,00000000,?,?,?,9B5DCFA9,?,?,?), ref: 6CC35148
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC35270
                                                                                                                  • Part of subcall function 6CC354B1: __EH_prolog3.LIBCMT ref: 6CC354B8
                                                                                                                  • Part of subcall function 6CC354B1: __CxxThrowException@8.LIBCMT ref: 6CC35540
                                                                                                                • CoUninitialize.COMBASE(025122C8,?,succeeded,?,?,?,00000000,?,?,?,9B5DCFA9,?,?,?), ref: 6CC351E6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw$CreateH_prolog3_catchInitializeInstanceUninitialize
                                                                                                                • String ID: IronMan::LocalizedData::CreateLocalizedData$succeeded$threw exception
                                                                                                                • API String ID: 4097945976-352736096
                                                                                                                • Opcode ID: b1a69182a24a1d1acef8cb8736e6d38b86ca21e6d09572081d80fc7c0bc3d805
                                                                                                                • Instruction ID: 75eef082767f00f67c23f9f3699925a3ea57380fbb9d0a52b8e54d82d080f150
                                                                                                                • Opcode Fuzzy Hash: b1a69182a24a1d1acef8cb8736e6d38b86ca21e6d09572081d80fc7c0bc3d805
                                                                                                                • Instruction Fuzzy Hash: BB515B7090111DEFCB01CFA4D884EDEBBB9AF49318F148549F119EB651E7359A49CBA0
                                                                                                                Function 6CC759F8 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 116COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC759FF
                                                                                                                • GetCommandLineW.KERNEL32(?), ref: 6CC75A64
                                                                                                                  • Part of subcall function 6CC5FF21: _wcsnlen.LIBCMT ref: 6CC5FF54
                                                                                                                  • Part of subcall function 6CC5FF21: _memcpy_s.LIBCMT ref: 6CC5FF8A
                                                                                                                Strings
                                                                                                                • - available locally and verified., xrefs: 6CC75AC2
                                                                                                                • - available locally, xrefs: 6CC75AEC
                                                                                                                • not locally available, but no URL to bedownloaded - error!, xrefs: 6CC75B13
                                                                                                                • - payload not required for this item to perform action., xrefs: 6CC75A2C
                                                                                                                • - to be downloaded, xrefs: 6CC75B05
                                                                                                                • - available but not verified yet, xrefs: 6CC75ADC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CommandH_prolog3Line_memcpy_s_wcsnlen
                                                                                                                • String ID: - available but not verified yet$ - available locally$ - available locally and verified.$ - payload not required for this item to perform action.$ - to be downloaded$ not locally available, but no URL to bedownloaded - error!
                                                                                                                • API String ID: 969748958-1544932709
                                                                                                                • Opcode ID: b07858fe9425c71b789a596f18ee7e2d1e4c1026f5d549b52669c1e5cce7518e
                                                                                                                • Instruction ID: b06103a8327416404fda9b5ced5d225012db06d626d5efc0276de87d75be1cd5
                                                                                                                • Opcode Fuzzy Hash: b07858fe9425c71b789a596f18ee7e2d1e4c1026f5d549b52669c1e5cce7518e
                                                                                                                • Instruction Fuzzy Hash: 3B41BD31645208AFDF20CFA8CC85EEF7BA8EF05258F004555F910ABA91E731C96997B1
                                                                                                                Function 6CC277AF Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 66registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.KERNEL32(80000002,System\CurrentControlSet\Services\Eventlog\Application\VSSetup,00000000,00020019,?,?,6CC5831D,00000000), ref: 6CC277E8
                                                                                                                • RegCreateKeyExW.KERNEL32(80000002,System\CurrentControlSet\Services\Eventlog\Application\VSSetup,00000000,00000000,00000000,00020006,00000000,?,00000000,?,6CC5831D,00000000), ref: 6CC27805
                                                                                                                  • Part of subcall function 6CC2787B: __EH_prolog3.LIBCMT ref: 6CC27882
                                                                                                                  • Part of subcall function 6CC2787B: RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\PCHealth\ErrorReporting\DW\Installed,00000000,00020019,?,00000014,6CC2781A,?,6CC5831D,00000000), ref: 6CC278B2
                                                                                                                  • Part of subcall function 6CC2787B: RegQueryValueExW.ADVAPI32(?,DW0200,00000000,00000000,?,?,?,6CC5831D,00000000), ref: 6CC278D8
                                                                                                                  • Part of subcall function 6CC2787B: RegCloseKey.ADVAPI32(?,?,6CC5831D,00000000), ref: 6CC278E4
                                                                                                                  • Part of subcall function 6CC2787B: GetFileAttributesW.KERNEL32(?,?,6CC5831D,00000000), ref: 6CC278F9
                                                                                                                • RegSetValueExW.KERNEL32(?,EventMessageFile,00000000,00000002,?,00000208,?,6CC5831D,00000000), ref: 6CC27836
                                                                                                                • RegSetValueExW.KERNEL32(?,TypesSupported,00000000,00000004,?,00000004,?,6CC5831D,00000000), ref: 6CC27859
                                                                                                                • RegCloseKey.KERNEL32(?,?,6CC5831D,00000000), ref: 6CC27861
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$CloseOpen$AttributesCreateFileH_prolog3Query
                                                                                                                • String ID: EventMessageFile$System\CurrentControlSet\Services\Eventlog\Application\VSSetup$TypesSupported
                                                                                                                • API String ID: 4021642227-369282485
                                                                                                                • Opcode ID: fd6194221c5718dc758a283e7329c94a18798b32b11cf608ca9ff7052999e904
                                                                                                                • Instruction ID: 04d40445928df007e1d15591a012397db6abe1b1883e0ef1208f7eb3e568c9bb
                                                                                                                • Opcode Fuzzy Hash: fd6194221c5718dc758a283e7329c94a18798b32b11cf608ca9ff7052999e904
                                                                                                                • Instruction Fuzzy Hash: 51119D7174122CBBEB209A568C8DFEBBF7CEF41758F010499B618B2180D7B09E45DAA0
                                                                                                                Function 6CC2B31F Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 247COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC2B326
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2B25F: __EH_prolog3.LIBCMT ref: 6CC2B266
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC2B5A8
                                                                                                                Strings
                                                                                                                • DisabledCommandLineSwitches, xrefs: 6CC2B353
                                                                                                                • The DisabledCommandLineSwitches block has no CommandLineSwitches specified - either add them or remove the DisabledCommandLineSwit, xrefs: 6CC2B546
                                                                                                                • No DisabledCommandLineSwitches block was specified, xrefs: 6CC2B5C8
                                                                                                                • ParameterInfo.xml, xrefs: 6CC2B554
                                                                                                                • Disabled CommandLineSwitch added: , xrefs: 6CC2B406, 6CC2B4C5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw
                                                                                                                • String ID: Disabled CommandLineSwitch added: $DisabledCommandLineSwitches$No DisabledCommandLineSwitches block was specified$ParameterInfo.xml$The DisabledCommandLineSwitches block has no CommandLineSwitches specified - either add them or remove the DisabledCommandLineSwit
                                                                                                                • API String ID: 2489616738-1449725936
                                                                                                                • Opcode ID: 42c4aa07258fc12461a0dd3cf3651d0ed28554a27d98f1e67cf86109ed0ade2c
                                                                                                                • Instruction ID: 35ad9f72840d66856ab2cd3e21de9462f77a6aa7f293a14ba55189350d5ddf41
                                                                                                                • Opcode Fuzzy Hash: 42c4aa07258fc12461a0dd3cf3651d0ed28554a27d98f1e67cf86109ed0ade2c
                                                                                                                • Instruction Fuzzy Hash: 70A17A71900609DFCF00CFA8C884AEEBBB5BF85308F244599E115EB790EB35EA45CB60
                                                                                                                Function 6CC7537A Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 195COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC75381
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC868B5: PMDtoOffset.LIBCMT ref: 6CC86989
                                                                                                                  • Part of subcall function 6CC868B5: std::bad_exception::bad_exception.LIBCMT ref: 6CC869B3
                                                                                                                  • Part of subcall function 6CC868B5: __CxxThrowException@8.LIBCMT ref: 6CC869C1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8OffsetThrowstd::bad_exception::bad_exception
                                                                                                                • String ID: - authored action for this item is NoOp$ - no products affected by this item. Not Applicable. $ - not applicable $ of $Determining state$nameless item
                                                                                                                • API String ID: 3118957153-195430493
                                                                                                                • Opcode ID: a4c7ec00ef81d1834409821ffc717bbe42cbd7b57e3d4ff30bdff2702a27e74a
                                                                                                                • Instruction ID: 84bf129b872c9dcfc2bcc4632d528577eb2c9568ccc6b5b76379431c4078da86
                                                                                                                • Opcode Fuzzy Hash: a4c7ec00ef81d1834409821ffc717bbe42cbd7b57e3d4ff30bdff2702a27e74a
                                                                                                                • Instruction Fuzzy Hash: FA619872801118AFCB20DBA8CC04EEEBBB9EF05358F544551F424B7A81F7349A18DBB1
                                                                                                                Function 6CC49048 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 175COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC32E48: __EH_prolog3.LIBCMT ref: 6CC32E4F
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC491B1
                                                                                                                Strings
                                                                                                                • : WarnBlockers evaluated to true., xrefs: 6CC4921D
                                                                                                                • : StopBlockers evaluated to true., xrefs: 6CC49209
                                                                                                                • Checking for global blockers, xrefs: 6CC490A8
                                                                                                                • Global Block Checks, xrefs: 6CC49087, 6CC490B7
                                                                                                                • : SuccessBlockers evaluated to true., xrefs: 6CC491E8
                                                                                                                • no blocking conditions found, xrefs: 6CC49078
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw
                                                                                                                • String ID: no blocking conditions found$: StopBlockers evaluated to true.$: SuccessBlockers evaluated to true.$: WarnBlockers evaluated to true.$Checking for global blockers$Global Block Checks
                                                                                                                • API String ID: 2489616738-2937627051
                                                                                                                • Opcode ID: ca08949205672f08f5c203f9bf2092acec8b6dbae917cad11828ec10bc38ad26
                                                                                                                • Instruction ID: d46562e2967118b6a897c2d6be0cc852745bd3941296f1bec0e1008a8f06d84a
                                                                                                                • Opcode Fuzzy Hash: ca08949205672f08f5c203f9bf2092acec8b6dbae917cad11828ec10bc38ad26
                                                                                                                • Instruction Fuzzy Hash: 187147B1508345AFC720CF59C984A5BBBF8BB89314F448E1EF58983A50E771E948CB52
                                                                                                                Function 6CC2B00D Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 152COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC2B014
                                                                                                                  • Part of subcall function 6CC591AF: CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,?,?,6CC2B029,?,0000002C,6CC6D55B,?,?,?,?,00000001), ref: 6CC591C5
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC2B044
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC2B128
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC2B163
                                                                                                                  • Part of subcall function 6CC239AD: __EH_prolog3.LIBCMT ref: 6CC239B4
                                                                                                                Strings
                                                                                                                • m_spDoc->loadXML() failed. Parse error is: %s, xrefs: 6CC2B1CB
                                                                                                                • CoCreateInstance(__uuidof(DOMDocument30)) failed with hr=%d, xrefs: 6CC2B033
                                                                                                                • m_spDoc->get_documentElement() failed. Parse error is: %s, xrefs: 6CC2B0F6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeH_prolog3String$CreateException@8InstanceThrow
                                                                                                                • String ID: CoCreateInstance(__uuidof(DOMDocument30)) failed with hr=%d$m_spDoc->get_documentElement() failed. Parse error is: %s$m_spDoc->loadXML() failed. Parse error is: %s
                                                                                                                • API String ID: 1763430278-2525052916
                                                                                                                • Opcode ID: 09612fc84e5dcca2c2188f1addb95d087be1ec613b7493d7d12b7eaf58192e5b
                                                                                                                • Instruction ID: e832aa97a7680d898f4aef4a64f308c31407ca2134d680375fc124ecd24d27a6
                                                                                                                • Opcode Fuzzy Hash: 09612fc84e5dcca2c2188f1addb95d087be1ec613b7493d7d12b7eaf58192e5b
                                                                                                                • Instruction Fuzzy Hash: 69518F72800149EFCB01DFE8C894EEEBBB8BF45318F14455AE112F7641EB399A48DB61
                                                                                                                Function 6CC62C16 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 144fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC28168: GetFileSize.KERNEL32(?,?,?,?,?,6CC53B9F,?,?,00000000,?,?,?,?,00000008,6CC5EC79,?), ref: 6CC28178
                                                                                                                • PathFileExistsW.SHLWAPI(00000000), ref: 6CC62CA8
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC62CE7
                                                                                                                • CopyFileW.KERNEL32(00000010,00000000,00000000,?), ref: 6CC62D19
                                                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 6CC62D32
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC28329: __EH_prolog3.LIBCMT ref: 6CC28330
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$H_prolog3$AttributesCopyException@8ExistsPathSizeThrow
                                                                                                                • String ID: Copy of Header File failed$DHTML Header File doesn't exist$DHTMLLogger
                                                                                                                • API String ID: 1055460099-1824744887
                                                                                                                • Opcode ID: 6aacc1922c570eadd620d718b64c5b47aa61e00a056adec687558e356c8d3f3e
                                                                                                                • Instruction ID: e202cb5907625a119d70f2878c6881ca7a27365f6b42e86af0fa76809277048d
                                                                                                                • Opcode Fuzzy Hash: 6aacc1922c570eadd620d718b64c5b47aa61e00a056adec687558e356c8d3f3e
                                                                                                                • Instruction Fuzzy Hash: F4516972508345AFD710DF69C984E9BBBE8BF85358F400A1EF29097A90E734D619CB22
                                                                                                                Function 6CC54E70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 141fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC54E77
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC25FCE: __EH_prolog3.LIBCMT ref: 6CC25FD5
                                                                                                                  • Part of subcall function 6CC25FCE: PathIsRelativeW.SHLWAPI(?,?,?,?,?,ParameterInfo.xml,?,?,00000738,6CC5FA6E,?,6CC1A794,025122C8), ref: 6CC26018
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC54F68
                                                                                                                  • Part of subcall function 6CC814AA: KiUserExceptionDispatcher.NTDLL(?,?,6CC7C129,00000C00,?,?,?,?,6CC7C129,00000C00,6CC9BA3C,6CCB76D4,00000C00,00000020,6CC5F845,?), ref: 6CC814EC
                                                                                                                  • Part of subcall function 6CC2838A: __EH_prolog3.LIBCMT ref: 6CC28391
                                                                                                                  • Part of subcall function 6CC2A378: __EH_prolog3.LIBCMT ref: 6CC2A37F
                                                                                                                • ReadFile.KERNEL32(?,?,00000002,?,00000000,?,80000000,00000001,00000003,00000080,00000000,?,?,?,?,0000002C), ref: 6CC54F7E
                                                                                                                • CloseHandle.KERNEL32(?), ref: 6CC54FA1
                                                                                                                  • Part of subcall function 6CC28329: __EH_prolog3.LIBCMT ref: 6CC28330
                                                                                                                  • Part of subcall function 6CC2A3BC: __EH_prolog3.LIBCMT ref: 6CC2A3C3
                                                                                                                Strings
                                                                                                                • File %s could not be opened for read, xrefs: 6CC54F0F
                                                                                                                • ParameterInfo.xml, xrefs: 6CC54FE5
                                                                                                                • File %s is not UTF-16 with Byte Order Marks (BOM), xrefs: 6CC54FCC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CloseDispatcherExceptionException@8FileHandlePathReadRelativeThrowUser
                                                                                                                • String ID: File %s could not be opened for read$File %s is not UTF-16 with Byte Order Marks (BOM)$ParameterInfo.xml
                                                                                                                • API String ID: 682709548-652212332
                                                                                                                • Opcode ID: b084373058edb0507d35997b91b98bb8ee4db3e2d05dd2fd6b3ebd2aa4ac1b36
                                                                                                                • Instruction ID: 0f9c34847e1e3229610dea6ea963c4b2310cb2761c597810e0058cb9b15c07e1
                                                                                                                • Opcode Fuzzy Hash: b084373058edb0507d35997b91b98bb8ee4db3e2d05dd2fd6b3ebd2aa4ac1b36
                                                                                                                • Instruction Fuzzy Hash: EA517D72900149EFCF11CFE8C944EDEBBB9AF04318F54815AF250B7691EB319A28CB61
                                                                                                                Function 6CC57F6A Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 113COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6CC57F74
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • _memset.LIBCMT ref: 6CC57FD4
                                                                                                                • GetVersionExW.KERNEL32 ref: 6CC57FED
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3H_prolog3_Version_memset
                                                                                                                • String ID: Could not determine OS version$OS Description = %s$OS Version = %d.%d.%d, Platform %d$OS Version Information
                                                                                                                • API String ID: 3727276431-2914782974
                                                                                                                • Opcode ID: 72288a4a47981b53dab9b913cc2bb400148f2f8ea81913ba5db0d2388e5bb0a0
                                                                                                                • Instruction ID: 152726735b55fa8407ec18bb1ab5271fb3cb36fba9a60d2a4f0c210259162151
                                                                                                                • Opcode Fuzzy Hash: 72288a4a47981b53dab9b913cc2bb400148f2f8ea81913ba5db0d2388e5bb0a0
                                                                                                                • Instruction Fuzzy Hash: 8D413D319101189BCB21DBA8CC45FCDB7B8AF49308F4445D6E248E7A51EB74EBA9CF94
                                                                                                                Function 6CC295C1 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 107memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC295C8
                                                                                                                • VariantInit.OLEAUT32(?), ref: 6CC295DB
                                                                                                                • VariantClear.OLEAUT32(00000008), ref: 6CC2962E
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC2960E
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 6CC29651
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC296F8
                                                                                                                Strings
                                                                                                                • schema validation error: attribute not found - , xrefs: 6CC29676
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3StringVariant$AllocClearException@8FreeInitThrow
                                                                                                                • String ID: schema validation error: attribute not found -
                                                                                                                • API String ID: 8365360-3489740836
                                                                                                                • Opcode ID: 8572dac8603613428d4d0d1901522527767074cd08407c2afe0dbe19d9a7ac20
                                                                                                                • Instruction ID: be0c1d9ce9502604dd10116aa11b9d933b78d0742b36665543038d2cea88c8ac
                                                                                                                • Opcode Fuzzy Hash: 8572dac8603613428d4d0d1901522527767074cd08407c2afe0dbe19d9a7ac20
                                                                                                                • Instruction Fuzzy Hash: E9416D71900249EFCF00DFA8C888EDEBBB8BF05318F148659F561A7640EB35DA48CB61
                                                                                                                Function 6CC6374B Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 99COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC63752
                                                                                                                  • Part of subcall function 6CC25D3F: __EH_prolog3.LIBCMT ref: 6CC25D46
                                                                                                                  • Part of subcall function 6CC25D3F: GetModuleFileNameW.KERNEL32(6CC00000,00000010,00000104,?,6CC5831D,00000000), ref: 6CC25D93
                                                                                                                  • Part of subcall function 6CC2C259: __EH_prolog3.LIBCMT ref: 6CC2C260
                                                                                                                  • Part of subcall function 6CC58E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6CC699FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6CC58E6E
                                                                                                                • PathFileExistsW.SHLWAPI(?,SetupResources.dll,00000000,00000738,00000000,6CC5FA6E,0000000C,6CC63A05,?,6CC1A794,?), ref: 6CC637B7
                                                                                                                • PathFileExistsW.SHLWAPI(00000000,LocalizedData.xml,00000000,00000738,00000000), ref: 6CC63846
                                                                                                                  • Part of subcall function 6CC239AD: __EH_prolog3.LIBCMT ref: 6CC239B4
                                                                                                                Strings
                                                                                                                • LocalizedData.xml, xrefs: 6CC63835
                                                                                                                • SetupResources.dll, xrefs: 6CC637A0
                                                                                                                • SetupResources.dll missing from %d directory, xrefs: 6CC637BE
                                                                                                                • LocalizedData.xml missing from %d directory, xrefs: 6CC6384D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$FilePath$Exists$AppendModuleName
                                                                                                                • String ID: LocalizedData.xml$LocalizedData.xml missing from %d directory$SetupResources.dll$SetupResources.dll missing from %d directory
                                                                                                                • API String ID: 3590062302-1245617268
                                                                                                                • Opcode ID: 5628a17d81e1f22eb85d541523c7095f010eae7419996dbee6d0e5244afe3021
                                                                                                                • Instruction ID: 5fd7bae6f9054ab20673907e16c1a62b41f11424a1779dcd97775e10886ea858
                                                                                                                • Opcode Fuzzy Hash: 5628a17d81e1f22eb85d541523c7095f010eae7419996dbee6d0e5244afe3021
                                                                                                                • Instruction Fuzzy Hash: 94318F71900109EFDB10DBA9CD45FEE77B8AF01328F184652E524EBB95E734DA088B65
                                                                                                                Function 6CC6101A Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC61021
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2C406: RegOpenKeyExW.KERNEL32(80000002,?,00000000,00000001,?,?,?,?,?,6CC635F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType), ref: 6CC2C426
                                                                                                                  • Part of subcall function 6CC2C406: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,6CC60F4A,00000004,?,?,?,6CC635F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType), ref: 6CC2C43F
                                                                                                                  • Part of subcall function 6CC2C406: RegCloseKey.KERNEL32(?,?,?,?,6CC635F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType,?,025122C8,00000004,6CC60F4A,?), ref: 6CC2C44E
                                                                                                                • GetLastError.KERNEL32(?,Software\Microsoft\DevDiv,?,?,PerfLab,?,?,0000000C,6CC5A58E,?,6CC1A794,?,025122C8,?,00000000,?), ref: 6CC61092
                                                                                                                • GetLastError.KERNEL32(?,00000000,?,Failed to record IsInternal,?,Software\Microsoft\DevDiv,?,?,PerfLab,?,?,0000000C,6CC5A58E,?,6CC1A794,?), ref: 6CC610F0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorH_prolog3Last$CloseOpenQueryValue
                                                                                                                • String ID: Failed to record IsAdmin$Failed to record IsInternal$PerfLab$Software\Microsoft\DevDiv
                                                                                                                • API String ID: 716194244-1174128248
                                                                                                                • Opcode ID: d97754b632aca5e67f77172005d01c0a99eac19d712dbf3e8dde13f434cf3995
                                                                                                                • Instruction ID: 03f8397f426f2999f5b5c1efc5b06faaea8565cecd26aa2395739b4a26e0f52c
                                                                                                                • Opcode Fuzzy Hash: d97754b632aca5e67f77172005d01c0a99eac19d712dbf3e8dde13f434cf3995
                                                                                                                • Instruction Fuzzy Hash: BA31E971A00245AFDB10CFAACE45EEE7BB9FF45319B100619E560E7F80E734DA09D661
                                                                                                                Function 640F3BC0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 93COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 640F3BCA
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,00000698,640F03E4,00000000), ref: 640F3BE0
                                                                                                                  • Part of subcall function 640EF6DE: __EH_prolog3_GS.LIBCMT ref: 640EF6E8
                                                                                                                  • Part of subcall function 640EF6DE: _memset.LIBCMT ref: 640EF714
                                                                                                                  • Part of subcall function 640EF6DE: _memset.LIBCMT ref: 640EF741
                                                                                                                  • Part of subcall function 640EF6DE: GetVersionExW.KERNEL32 ref: 640EF75A
                                                                                                                • GetOpenFileNameW.COMDLG32(?), ref: 640F3C44
                                                                                                                • GetSaveFileNameW.COMDLG32(?), ref: 640F3C4C
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 640F3C73
                                                                                                                • _memcpy_s.LIBCMT ref: 640F3CE8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentDirectoryFileH_prolog3_Name_memset$OpenSaveVersion_memcpy_s
                                                                                                                • String ID: od
                                                                                                                • API String ID: 133044998-1032595251
                                                                                                                • Opcode ID: 6c13467645c4b57bf5a33b1bc00adc2b45c551a4f1e886e0f9389e1f3d8377b8
                                                                                                                • Instruction ID: c8ece4cb600ae813f14d391d3dfb81b297e50cfd4d6b4b83e8ec13415b9f9d85
                                                                                                                • Opcode Fuzzy Hash: 6c13467645c4b57bf5a33b1bc00adc2b45c551a4f1e886e0f9389e1f3d8377b8
                                                                                                                • Instruction Fuzzy Hash: 2741AE719002389FEB60DB60CC49BC9B7B9AF49328F4041E9E418A7550DF719AA6CF91
                                                                                                                Function 6CC276AC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 87COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC276B3
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,00000010,00000104), ref: 6CC27711
                                                                                                                • GetFileVersionInfoSizeW.KERNELBASE(00000010,?), ref: 6CC2772A
                                                                                                                • GetFileVersionInfoW.KERNELBASE(00000010,?,00000000,00000000), ref: 6CC27745
                                                                                                                • VerQueryValueW.VERSION(00000000,6CC0496C,?,?), ref: 6CC2775D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$H_prolog3InfoVersion$ModuleNameQuerySizeValue
                                                                                                                • String ID: %d.%d.%d.%d$0.0.0.0
                                                                                                                • API String ID: 1538924429-464342551
                                                                                                                • Opcode ID: eb1806816ed108343bf5d7580f869b2fc3b76cee1a6367dd1ce62a850ceb312c
                                                                                                                • Instruction ID: a600094b6a3cfb82748deed53c465299acae7358774680b250f003dad566183c
                                                                                                                • Opcode Fuzzy Hash: eb1806816ed108343bf5d7580f869b2fc3b76cee1a6367dd1ce62a850ceb312c
                                                                                                                • Instruction Fuzzy Hash: C2318071A0011AABDB00DFA5CC84DFFBB79FF44318B10452AF551A7690EB319E16DBA0
                                                                                                                Function 6CC57E78 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 76COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC57E7F
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC58380: __EH_prolog3.LIBCMT ref: 6CC58387
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: AlwaysUploaded$Disabled$Unknown$User Experience Data Collection Policy$User Experience Data Collection Policy: %s$UserControlled
                                                                                                                • API String ID: 431132790-3357067047
                                                                                                                • Opcode ID: f53f827daff9bd81472fc44e78060e2d561f228cc9ad189722ee3c337280880c
                                                                                                                • Instruction ID: e6dfa81cbbf8c7248ad4fa3e143b7418c6420a1903c34b703945dc5b091bb4fa
                                                                                                                • Opcode Fuzzy Hash: f53f827daff9bd81472fc44e78060e2d561f228cc9ad189722ee3c337280880c
                                                                                                                • Instruction Fuzzy Hash: E1219C719141099BCF01DBE9C844EDEBBF8AF14308F548546E100F7B80E735DA29DBA5
                                                                                                                Function 6CC475C2 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 65fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC475C9
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • OpenFileMappingW.KERNEL32(00000002,00000000,00000000,?,6CC1AB18,00000008,6CC476FE,?,?,00000004,6CC6C454,?,6CC195D4,00000000,00000001,?), ref: 6CC475F2
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000001), ref: 6CC475FF
                                                                                                                  • Part of subcall function 6CC2C338: __EH_prolog3.LIBCMT ref: 6CC2C33F
                                                                                                                  • Part of subcall function 6CC58CD5: __EH_prolog3.LIBCMT ref: 6CC58CDC
                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000424,?,?,?,?,00000001), ref: 6CC47654
                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,?,0000021A,?,?,?,?,00000001), ref: 6CC47670
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000001), ref: 6CC47679
                                                                                                                Strings
                                                                                                                • OpenFileMapping fails with last error: , xrefs: 6CC4760F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$File$View$CloseErrorHandleLastMappingOpenUnmap
                                                                                                                • String ID: OpenFileMapping fails with last error:
                                                                                                                • API String ID: 2964829354-1738344248
                                                                                                                • Opcode ID: 73dfaeca4e0edde09742b70e7befca788999b72361d0e78838a666ea19a95912
                                                                                                                • Instruction ID: 55e9dbd9abd8ecdbadfa8672046fa29606a2537a2343834e9ac0ba0b64bf2fd3
                                                                                                                • Opcode Fuzzy Hash: 73dfaeca4e0edde09742b70e7befca788999b72361d0e78838a666ea19a95912
                                                                                                                • Instruction Fuzzy Hash: CF216A71A01158AFCB20EFA8C909EDEBBB5FF85358F108209F515AB640EB31CA15DB61
                                                                                                                Function 6CC6ACD8 Relevance: 12.1, APIs: 8, Instructions: 93COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6CC6ACDF
                                                                                                                • GetTokenInformation.KERNELBASE(00000002,00000001(TokenIntegrityLevel),00000000,00000000,00000009,0000000C,6CC549C0,6CC1A5D8,6CC1A54C), ref: 6CC6AD06
                                                                                                                • GetLastError.KERNEL32 ref: 6CC6AD08
                                                                                                                • GetTokenInformation.KERNELBASE(00000002,00000001(TokenIntegrityLevel),00000008,00000400,00000400,80070216), ref: 6CC6AD81
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InformationToken$ErrorH_prolog3_Last
                                                                                                                • String ID:
                                                                                                                • API String ID: 654496852-0
                                                                                                                • Opcode ID: 1fa2b8240a63b2886d5d92a6250e2f104455be16df72d42e76572529a0c5b696
                                                                                                                • Instruction ID: 9ea1c6cff0bbbfd4c08eaa27db4a755264c3137da89d6f5c0809689f731ec03c
                                                                                                                • Opcode Fuzzy Hash: 1fa2b8240a63b2886d5d92a6250e2f104455be16df72d42e76572529a0c5b696
                                                                                                                • Instruction Fuzzy Hash: FD31F131900535ABCF118F6ACA90ADE77B4FF86769B214155E900BBE50E731CD41CBE0
                                                                                                                Function 6CC35E2B Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 169COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC25D3F: __EH_prolog3.LIBCMT ref: 6CC25D46
                                                                                                                  • Part of subcall function 6CC25D3F: GetModuleFileNameW.KERNEL32(6CC00000,00000010,00000104,?,6CC5831D,00000000), ref: 6CC25D93
                                                                                                                  • Part of subcall function 6CC35B82: __EH_prolog3_GS.LIBCMT ref: 6CC35B8C
                                                                                                                  • Part of subcall function 6CC35B82: _memset.LIBCMT ref: 6CC35BBB
                                                                                                                  • Part of subcall function 6CC35B82: FindFirstFileW.KERNEL32(?,?,????), ref: 6CC35BDA
                                                                                                                  • Part of subcall function 6CC35B82: FindClose.KERNEL32(?), ref: 6CC35CC1
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC35FF0
                                                                                                                  • Part of subcall function 6CC78EAB: _memcpy_s.LIBCMT ref: 6CC78EFC
                                                                                                                  • Part of subcall function 6CC58E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6CC699FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6CC58E6E
                                                                                                                • PathFileExistsW.SHLWAPI(?,LocalizedData.xml,?,?,?,9B5DCFA9,ParameterInfo.xml,00000000,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml), ref: 6CC35EF1
                                                                                                                  • Part of subcall function 6CC35CE1: __EH_prolog3.LIBCMT ref: 6CC35CE8
                                                                                                                  • Part of subcall function 6CC35CE1: CoInitialize.OLE32(00000000), ref: 6CC35D1A
                                                                                                                  • Part of subcall function 6CC35CE1: CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,?,?,?,00000014,6CC35F14,?,?,?,?,9B5DCFA9,ParameterInfo.xml,00000000), ref: 6CC35D38
                                                                                                                  • Part of subcall function 6CC35CE1: CoUninitialize.COMBASE(?,?,00000014,6CC35F14,?,?,?,?,9B5DCFA9,ParameterInfo.xml,00000000,?,ParameterInfo.xml,?,00000000,?), ref: 6CC35DE8
                                                                                                                  • Part of subcall function 6CC35CE1: SysFreeString.OLEAUT32(00000738), ref: 6CC35DF1
                                                                                                                Strings
                                                                                                                • LocalizedData.xml, xrefs: 6CC35EDF
                                                                                                                • LocalizedData.xml is missing in resource folder %s. Every resource folder needs a LocalizedData.xml, xrefs: 6CC36026
                                                                                                                • ParameterInfo.xml, xrefs: 6CC35E45, 6CC35FA2
                                                                                                                • LocalizedData.xml in resource folder %s, does not have a Language element, xrefs: 6CC35F87
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$FindH_prolog3Path$AppendCloseCreateException@8ExistsFirstFreeH_prolog3_InitializeInstanceModuleNameStringThrowUninitialize_memcpy_s_memset
                                                                                                                • String ID: LocalizedData.xml$LocalizedData.xml in resource folder %s, does not have a Language element$LocalizedData.xml is missing in resource folder %s. Every resource folder needs a LocalizedData.xml$ParameterInfo.xml
                                                                                                                • API String ID: 2922719316-412676173
                                                                                                                • Opcode ID: 61c6afca1ec5cc40374b1a010e5b0ba58c12a1776583c324b06e6247b89d5212
                                                                                                                • Instruction ID: f5ac2ae24bb98dcf45d42e4c287385160ef9dc3dfef920add5d3dfcedb4817c3
                                                                                                                • Opcode Fuzzy Hash: 61c6afca1ec5cc40374b1a010e5b0ba58c12a1776583c324b06e6247b89d5212
                                                                                                                • Instruction Fuzzy Hash: 68618D325083819FC710DFA8D844E9EB7E8FF89318F440A5DF09597A51EB35E509CB92
                                                                                                                Function 6CC6401F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC64026
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                • GetThreadLocale.KERNEL32(?,DHTMLHeader.html), ref: 6CC64041
                                                                                                                • GetModuleFileNameW.KERNEL32(6CC00000,00000010,00000104), ref: 6CC640B3
                                                                                                                • PathFileExistsW.SHLWAPI(?,00000014,00000000), ref: 6CC64101
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileH_prolog3$ExistsLocaleModuleNamePathThread
                                                                                                                • String ID: %04d\%s$DHTMLHeader.html
                                                                                                                • API String ID: 3575165106-1224721414
                                                                                                                • Opcode ID: 2aee2945f3e574bfdaf826f0c2250829e589a991659a4815ec654f38ed3b95ff
                                                                                                                • Instruction ID: 9503266987d371e239112443a44a801c3991aaadbb44cc2ef2f0f64479740ab3
                                                                                                                • Opcode Fuzzy Hash: 2aee2945f3e574bfdaf826f0c2250829e589a991659a4815ec654f38ed3b95ff
                                                                                                                • Instruction Fuzzy Hash: B9414C71A1010A9FCF10DFA8C888EEEBBB4FF05318F440569E211B7651EB34DA19CBA4
                                                                                                                Function 640E33F3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E33FA
                                                                                                                • LoadLibraryW.KERNELBASE(?,00000008,640E3377,?), ref: 640E3427
                                                                                                                • GetLastError.KERNEL32 ref: 640E3437
                                                                                                                  • Part of subcall function 640DB93E: __EH_prolog3.LIBCMT ref: 640DB945
                                                                                                                • GetLastError.KERNEL32 ref: 640E344B
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640E346E
                                                                                                                Strings
                                                                                                                • ::LoadLibrary(%s) failed with error %d, xrefs: 640E343C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorH_prolog3Last$Exception@8LibraryLoadThrow
                                                                                                                • String ID: ::LoadLibrary(%s) failed with error %d
                                                                                                                • API String ID: 3804648058-20907036
                                                                                                                • Opcode ID: 7510434a1317800610093ec1e8f2be4f0d9af5b3a6db4f0e143f90e932784d78
                                                                                                                • Instruction ID: aefc93bf73f6887e442451ab75b09a7e71c76bc301040382e01fe05f5c23c6a2
                                                                                                                • Opcode Fuzzy Hash: 7510434a1317800610093ec1e8f2be4f0d9af5b3a6db4f0e143f90e932784d78
                                                                                                                • Instruction Fuzzy Hash: EA018FB1900226EFEB01DFA9C884B6EBEA0FF15708F508134E808DF254DB75E915CB92
                                                                                                                Function 6CC25485 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC2548C
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,0000002C,6CC27DAF,?,?,?,?,?,00000000,?,?,6CC1AB18,00000008,6CC27CD9), ref: 6CC2549C
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 6CC254B9
                                                                                                                • GetNativeSystemInfo.KERNEL32(?), ref: 6CC254E0
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$AddressHandleInfoModuleNativeProcSystem
                                                                                                                • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                • API String ID: 2427612476-192647395
                                                                                                                • Opcode ID: 5745f5619634b3aa68cb81813b44eb3b777d9f888173aa86bff98edd8f9199c9
                                                                                                                • Instruction ID: b968ddeefac1a5ac013bb1b6f9509c7e748aec28988950f71a6c44924f294731
                                                                                                                • Opcode Fuzzy Hash: 5745f5619634b3aa68cb81813b44eb3b777d9f888173aa86bff98edd8f9199c9
                                                                                                                • Instruction Fuzzy Hash: 91F02431B24605ABDB00EBA6D904BCEB276BF8030EF218818F100E6E00FB7CC6098791
                                                                                                                Function 640F3E60 Relevance: 9.0, APIs: 6, Instructions: 49windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F3E67
                                                                                                                • SetWindowLongW.USER32(?,000000F4,00000066), ref: 640F3E7B
                                                                                                                  • Part of subcall function 640DFF14: EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 640DFF21
                                                                                                                • GetParent.USER32(?), ref: 640F3EB7
                                                                                                                • SendMessageW.USER32(00000000,00000485,00000000,00000066), ref: 640F3EC2
                                                                                                                • GetParent.USER32(?), ref: 640F3ECF
                                                                                                                • GetDesktopWindow.USER32 ref: 640F3ED4
                                                                                                                  • Part of subcall function 640F8E26: HeapFree.KERNEL32(00000000,00000000,?,640F9BCC,00000000,?,640FB575,640F9054), ref: 640F8E3C
                                                                                                                  • Part of subcall function 640F8E26: GetLastError.KERNEL32(00000000,?,640F9BCC,00000000,?,640FB575,640F9054), ref: 640F8E4E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ParentWindow$ChildDesktopEnumErrorFreeH_prolog3HeapLastLongMessageSendWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 1093383602-0
                                                                                                                • Opcode ID: b660b4c59f42ccb81a1144461f7275c597e9cec8bd05bc94a4662ce41ca27018
                                                                                                                • Instruction ID: 2b88b8a0d12e9c4bcf96a192359027b1d2354335be9ae89730250143e17b2929
                                                                                                                • Opcode Fuzzy Hash: b660b4c59f42ccb81a1144461f7275c597e9cec8bd05bc94a4662ce41ca27018
                                                                                                                • Instruction Fuzzy Hash: C8115A74E00218DBDF10DFA5CC84A9EFBF5FF89704B10852AE425EB290DB359A05CB50
                                                                                                                Function 6CC5F8D1 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 6CC5F8D8
                                                                                                                • GetCommandLineW.KERNEL32(00000044,6CC58323,00000000), ref: 6CC5F8EA
                                                                                                                  • Part of subcall function 6CC23E77: __EH_prolog3.LIBCMT ref: 6CC23E7E
                                                                                                                • __time64.LIBCMT ref: 6CC5FA7B
                                                                                                                  • Part of subcall function 6CC572E4: __EH_prolog3_catch.LIBCMT ref: 6CC572EB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_catch$CommandH_prolog3Line__time64
                                                                                                                • String ID: %TEMP%\$Setup
                                                                                                                • API String ID: 3716462386-3413213476
                                                                                                                • Opcode ID: ce60b05b5a20da06254da03ba9d0749235374e2b9c59fb3be902bb5707668a7c
                                                                                                                • Instruction ID: 2a202635489058e15cb37552bd001c36e7d6dfb98ab8c30cf3b0aee7c32f73cf
                                                                                                                • Opcode Fuzzy Hash: ce60b05b5a20da06254da03ba9d0749235374e2b9c59fb3be902bb5707668a7c
                                                                                                                • Instruction Fuzzy Hash: AC716971900209DFCF04CFE8C984AEEBBB5BF49318F24415AE151BB790EB349A58CB65
                                                                                                                Function 6CC43EB2 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 157COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC43EB9
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: ProcessBlocks$ProductDriveHints$ServiceBlocks$SystemCheck
                                                                                                                • API String ID: 431132790-3784926136
                                                                                                                • Opcode ID: 1329247d39b21dc56e2f8857c1fe872aa74e0101317a5892113bd02a536aa47e
                                                                                                                • Instruction ID: fdb529b0c360927d77131e7cbec96615602c51f7c9ca829f4e8ea65ef7753452
                                                                                                                • Opcode Fuzzy Hash: 1329247d39b21dc56e2f8857c1fe872aa74e0101317a5892113bd02a536aa47e
                                                                                                                • Instruction Fuzzy Hash: 55515D71900249EFDF10DFA8C985AEE7BB8AF49318F148159F914EB781D734DA09CB61
                                                                                                                Function 6CC55691 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 151COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC55698
                                                                                                                • PathIsRelativeW.SHLWAPI(00000000,?), ref: 6CC55735
                                                                                                                • PathFileExistsW.SHLWAPI(00000001,?), ref: 6CC557C3
                                                                                                                Strings
                                                                                                                • Package authoring error. The Url for this item is not authored and the item does not exist locally: , xrefs: 6CC557FB
                                                                                                                • pLocalPath is NULL!!!!!!, xrefs: 6CC5585B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Path$ExistsFileH_prolog3Relative
                                                                                                                • String ID: Package authoring error. The Url for this item is not authored and the item does not exist locally: $pLocalPath is NULL!!!!!!
                                                                                                                • API String ID: 1035510722-3253188715
                                                                                                                • Opcode ID: 88c7d3bb6d0f5b87b09af71d25f1e4886d515bd435375f57c931e86d9b439406
                                                                                                                • Instruction ID: 18b8d27ac4ead6bc190a9b3ae7db65ce04f7ffb2c30982be3dd09bb81aaca0e0
                                                                                                                • Opcode Fuzzy Hash: 88c7d3bb6d0f5b87b09af71d25f1e4886d515bd435375f57c931e86d9b439406
                                                                                                                • Instruction Fuzzy Hash: FA51C171901149EFDB10DBA8C844EEEBBB8AF0135CF544156E514BBB91E730DA29CBA2
                                                                                                                Function 6CC356A3 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 107COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC6988C: __EH_prolog3.LIBCMT ref: 6CC69893
                                                                                                                  • Part of subcall function 6CC6988C: GetCommandLineW.KERNEL32(0000002C,6CC6D52A,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC698B4
                                                                                                                  • Part of subcall function 6CC6988C: PathIsRelativeW.SHLWAPI(?,?,?,00000000,?,UiInfo.xml,?,?,00000000,?), ref: 6CC6996E
                                                                                                                  • Part of subcall function 6CC2A8CC: __EH_prolog3.LIBCMT ref: 6CC2A8D3
                                                                                                                  • Part of subcall function 6CC2A8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A90B
                                                                                                                  • Part of subcall function 6CC2A8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A964
                                                                                                                  • Part of subcall function 6CC2A8CC: __CxxThrowException@8.LIBCMT ref: 6CC2AA28
                                                                                                                  • Part of subcall function 6CC357E5: __EH_prolog3.LIBCMT ref: 6CC357EC
                                                                                                                  • Part of subcall function 6CC78EAB: _memcpy_s.LIBCMT ref: 6CC78EFC
                                                                                                                  • Part of subcall function 6CC2A8CC: SetFilePointer.KERNEL32(?,00000000,6CC1A794,00000001,?,00000000,00000000,00000002,?,80000000,00000001,00000003,00000080,00000000,00000000,?), ref: 6CC2AA49
                                                                                                                  • Part of subcall function 6CC2A8CC: ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2AA97
                                                                                                                  • Part of subcall function 6CC2A8CC: SysAllocStringLen.OLEAUT32(00000000,?), ref: 6CC2AAAC
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC3578A
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC35799
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC357C7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3String$FileFree$PathRelative$AllocCommandException@8LineModuleNamePointerReadThrow_memcpy_s
                                                                                                                • String ID: ParameterInfo.xml$UiInfo.xml
                                                                                                                • API String ID: 3873923459-386449131
                                                                                                                • Opcode ID: 63e88835cf4679224ecbf6f3e5ad215ca311688a5df392da45006a2412d541fd
                                                                                                                • Instruction ID: e80a26e918acd83a9da9b021c239263015976e211c085e7589258126368f4dc0
                                                                                                                • Opcode Fuzzy Hash: 63e88835cf4679224ecbf6f3e5ad215ca311688a5df392da45006a2412d541fd
                                                                                                                • Instruction Fuzzy Hash: AA319EB2518345ABCB10DF68C944E8BBBE8FF99628F040E1DF49497750E735D9088BA2
                                                                                                                Function 6CC6972F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC35044: __EH_prolog3.LIBCMT ref: 6CC3504B
                                                                                                                  • Part of subcall function 6CC239AD: __EH_prolog3.LIBCMT ref: 6CC239B4
                                                                                                                  • Part of subcall function 6CC2A8CC: __EH_prolog3.LIBCMT ref: 6CC2A8D3
                                                                                                                  • Part of subcall function 6CC2A8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A90B
                                                                                                                  • Part of subcall function 6CC2A8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A964
                                                                                                                  • Part of subcall function 6CC2A8CC: __CxxThrowException@8.LIBCMT ref: 6CC2AA28
                                                                                                                • GetCommandLineW.KERNEL32(?,?,?,?,9B5DCFA9,?,?,?,?,ParameterInfo.xml,?,?,00000738,6CC5FA6E,?,6CC1A794), ref: 6CC697B2
                                                                                                                  • Part of subcall function 6CC23E77: __EH_prolog3.LIBCMT ref: 6CC23E7E
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC6985E
                                                                                                                  • Part of subcall function 6CC34798: __EH_prolog3.LIBCMT ref: 6CC3479F
                                                                                                                  • Part of subcall function 6CC350D5: __EH_prolog3_catch.LIBCMT ref: 6CC350DC
                                                                                                                  • Part of subcall function 6CC350D5: CoInitialize.OLE32(00000000), ref: 6CC3512A
                                                                                                                  • Part of subcall function 6CC350D5: CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,00000738,?,?,?,00000000,?,?,?,9B5DCFA9,?,?,?), ref: 6CC35148
                                                                                                                  • Part of subcall function 6CC350D5: CoUninitialize.COMBASE(025122C8,?,succeeded,?,?,?,00000000,?,?,?,9B5DCFA9,?,?,?), ref: 6CC351E6
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC69818
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC69833
                                                                                                                Strings
                                                                                                                • Loading localized engine data for language %d from %s, xrefs: 6CC6977B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$FreeString$CommandCreateException@8FileH_prolog3_catchInitializeInstanceLineModuleNamePathRelativeThrowUninitialize
                                                                                                                • String ID: Loading localized engine data for language %d from %s
                                                                                                                • API String ID: 509998568-3315213612
                                                                                                                • Opcode ID: dd6af89a17f790a433a047a0415f14ed8a38415a56cfe744177ca63e0c29ddbf
                                                                                                                • Instruction ID: 0bee0e42aeb7f0a7a7a81e2913826463a45e13e32fb18ec77112c74edbcb6652
                                                                                                                • Opcode Fuzzy Hash: dd6af89a17f790a433a047a0415f14ed8a38415a56cfe744177ca63e0c29ddbf
                                                                                                                • Instruction Fuzzy Hash: 6C411B72408344AFD711DF68C845F9BBBE8FF95328F040A1EF59592691EB39D508CBA2
                                                                                                                Function 6CC319AD Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 103COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC319B4
                                                                                                                  • Part of subcall function 6CC28B9F: __EH_prolog3.LIBCMT ref: 6CC28BA6
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC31ADE
                                                                                                                Strings
                                                                                                                • can only have one logical or arithmietic expression for a child node, xrefs: 6CC31A54
                                                                                                                • ParameterInfo.xml, xrefs: 6CC31902, 6CC31A2F
                                                                                                                • schema validation failure: , xrefs: 6CC31A40
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw
                                                                                                                • String ID: can only have one logical or arithmietic expression for a child node$ParameterInfo.xml$schema validation failure:
                                                                                                                • API String ID: 2489616738-4045823434
                                                                                                                • Opcode ID: 83f5dee5ae6cfe5cb35044117e5cf8e1460cb8e94c36824b80cd9ae61da57f9a
                                                                                                                • Instruction ID: 690a2ac6e2c5b105d1e2b0d23b6f3657383cab65d5769366e68a58cffeaf1367
                                                                                                                • Opcode Fuzzy Hash: 83f5dee5ae6cfe5cb35044117e5cf8e1460cb8e94c36824b80cd9ae61da57f9a
                                                                                                                • Instruction Fuzzy Hash: 5B413F71901109AFCB10DFA8C944FEEBBB8BF05318F248559E114EB780EB35DA09CB61
                                                                                                                Function 640E2661 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E2668
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000008,640E50B8,?,?,?,00000000,640E5C04,?,?,?,00000048,?), ref: 640E2744
                                                                                                                  • Part of subcall function 640F0686: __EH_prolog3.LIBCMT ref: 640F068D
                                                                                                                  • Part of subcall function 640F0686: __recalloc.LIBCMT ref: 640F06D5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$ExceptionRaise__recalloc
                                                                                                                • String ID: 0$0$0
                                                                                                                • API String ID: 3369754026-3137946472
                                                                                                                • Opcode ID: f1fc50593f817a72ed3e7a736cf37c555bda7a0a0bea431e91e1a611dd0e04c0
                                                                                                                • Instruction ID: 0ada277eaea288b1a23ae89e703f09de0fca6fca9c3c4aee3220f881531e7114
                                                                                                                • Opcode Fuzzy Hash: f1fc50593f817a72ed3e7a736cf37c555bda7a0a0bea431e91e1a611dd0e04c0
                                                                                                                • Instruction Fuzzy Hash: BF31A6B490066AEFDB00CF55C9C0AAEF7B0BF44318B64C92DE9699B601C770E9A1CB51
                                                                                                                Function 6CC31C2E Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC31C35
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC319AD: __EH_prolog3.LIBCMT ref: 6CC319B4
                                                                                                                  • Part of subcall function 6CC319AD: __CxxThrowException@8.LIBCMT ref: 6CC31ADE
                                                                                                                  • Part of subcall function 6CC28AAC: __EH_prolog3.LIBCMT ref: 6CC28AB3
                                                                                                                  • Part of subcall function 6CC28AAC: __CxxThrowException@8.LIBCMT ref: 6CC28B39
                                                                                                                  • Part of subcall function 6CC292D1: __EH_prolog3.LIBCMT ref: 6CC292D8
                                                                                                                  • Part of subcall function 6CC2838A: __EH_prolog3.LIBCMT ref: 6CC28391
                                                                                                                  • Part of subcall function 6CC2A378: __EH_prolog3.LIBCMT ref: 6CC2A37F
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC31D02
                                                                                                                  • Part of subcall function 6CC814AA: KiUserExceptionDispatcher.NTDLL(?,?,6CC7C129,00000C00,?,?,?,?,6CC7C129,00000C00,6CC9BA3C,6CCB76D4,00000C00,00000020,6CC5F845,?), ref: 6CC814EC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw$DispatcherExceptionUser
                                                                                                                • String ID: IsPresent$ParameterInfo.xml$schema validation failure: IsPresent can only be authored once.
                                                                                                                • API String ID: 2724732616-4158871691
                                                                                                                • Opcode ID: 042f07d36f01f5b3f77facbd78231d301ae86900cdec15da59f329a327c96bfa
                                                                                                                • Instruction ID: e17bd57fb2adc1e4192ea466d0e27880a8ba2ca0c748daa2cd8a144695b5f1a6
                                                                                                                • Opcode Fuzzy Hash: 042f07d36f01f5b3f77facbd78231d301ae86900cdec15da59f329a327c96bfa
                                                                                                                • Instruction Fuzzy Hash: 98216A72810148AACF10DBA8CD44FEE7BB8AF15318F148149F164ABB80EB35DB1CC762
                                                                                                                Function 6CC6360F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CheckTokenMembership.KERNELBASE(00000000,?,?), ref: 6CC6365F
                                                                                                                • GetLastError.KERNEL32 ref: 6CC63669
                                                                                                                  • Part of subcall function 6CC27479: __EH_prolog3.LIBCMT ref: 6CC27480
                                                                                                                • GetLastError.KERNEL32 ref: 6CC6368B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$CheckH_prolog3MembershipToken
                                                                                                                • String ID: AllocateAndInitializeSid$CheckTokenMembership
                                                                                                                • API String ID: 3752544998-2579124284
                                                                                                                • Opcode ID: 5bf1c143cb8ee9ab7de7760e6fb3371ba22e7db9e593cf6e8d84c89dcc386217
                                                                                                                • Instruction ID: 6210d49c8d1b55c11aaa2f3e7a7561cfb8cff91ac25f626a3683ac046d50540c
                                                                                                                • Opcode Fuzzy Hash: 5bf1c143cb8ee9ab7de7760e6fb3371ba22e7db9e593cf6e8d84c89dcc386217
                                                                                                                • Instruction Fuzzy Hash: 28119374B00209AFDB04DFA9C999C6EB7F4FF48318B11091DE442A3B40EB70D900CB60
                                                                                                                Function 6CC358F5 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 62COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC358FC
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2A8CC: __EH_prolog3.LIBCMT ref: 6CC2A8D3
                                                                                                                  • Part of subcall function 6CC2A8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A90B
                                                                                                                  • Part of subcall function 6CC2A8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A964
                                                                                                                  • Part of subcall function 6CC2A8CC: __CxxThrowException@8.LIBCMT ref: 6CC2AA28
                                                                                                                • StrPBrkW.SHLWAPI(00000000,) <>",#(loc.,?,6CC5FA6E,6CC5FA6E,00000718,025122C8,?,00000000,00000010,6CC36171,00000000,00000748,?,ParameterInfo.xml), ref: 6CC35972
                                                                                                                • SysFreeString.OLEAUT32(6CC5FA6E), ref: 6CC359A3
                                                                                                                  • Part of subcall function 6CC78C9E: _memcpy_s.LIBCMT ref: 6CC78CE4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8FileFreeModuleNamePathRelativeStringThrow_memcpy_s
                                                                                                                • String ID: #(loc.$) <>"
                                                                                                                • API String ID: 3035459583-3905424865
                                                                                                                • Opcode ID: 1a1e36815fa630b36b244b82e2bc52fe49d82973726470b29e0bd605b9e7d72b
                                                                                                                • Instruction ID: d67b198969157848802ac66f807b3aab2c3742b0569b9b5c3e71403e25f70f70
                                                                                                                • Opcode Fuzzy Hash: 1a1e36815fa630b36b244b82e2bc52fe49d82973726470b29e0bd605b9e7d72b
                                                                                                                • Instruction Fuzzy Hash: A6118171E1122A9FCF10DBA4CC049EEBB79BF0136CB450915E524A7B90F775D91A8BA0
                                                                                                                Function 6CC5586D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60synchronizationCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC55874
                                                                                                                • OpenMutexW.KERNEL32(00100000,00000000,00000030,?,Global\,00000000,6CC6BDA7,?,00000000,?,?,?,?,?,Command-line option error: ,?), ref: 6CC558FB
                                                                                                                • CreateMutexW.KERNEL32(00000000,00000000,00000030), ref: 6CC5590B
                                                                                                                • GetLastError.KERNEL32 ref: 6CC55913
                                                                                                                  • Part of subcall function 6CC58CD5: __EH_prolog3.LIBCMT ref: 6CC58CDC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Mutex$CreateErrorLastOpen
                                                                                                                • String ID: Global\
                                                                                                                • API String ID: 2685780869-188423391
                                                                                                                • Opcode ID: c4e0db1be328a565d647fbee48c7dcbe8bacbf14e466d0a2e1923697cbfef9f5
                                                                                                                • Instruction ID: 05a86897e260d19a44c99850211c76cc63b87c388c18298adfe61f7654c5dedb
                                                                                                                • Opcode Fuzzy Hash: c4e0db1be328a565d647fbee48c7dcbe8bacbf14e466d0a2e1923697cbfef9f5
                                                                                                                • Instruction Fuzzy Hash: 6721AFB0601244DFDB01DF28C488B9A7BF1EF45328F248459E855CF742EB74D964CBA6
                                                                                                                Function 6CC44A3F Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC44A46
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: evaluates to 'in maintenance mode'$ evaluates to 'not in maintenance mode'$MaintenanceMode determination$evaluating EnterMaintenanceModeIf
                                                                                                                • API String ID: 431132790-4185790000
                                                                                                                • Opcode ID: a574eb461eb1eca4fe69bc888246fe2fa6faa178bb7d47cdd0633e9aa98a9869
                                                                                                                • Instruction ID: 9279ffecb48e3b54689921f0675bfa753625ab5a86ad5d62dd35ad1de387859e
                                                                                                                • Opcode Fuzzy Hash: a574eb461eb1eca4fe69bc888246fe2fa6faa178bb7d47cdd0633e9aa98a9869
                                                                                                                • Instruction Fuzzy Hash: 04118E71900149EFCF00DFA8C884FEEBBB8AF05308F14849AE550AB741E771DA48CB61
                                                                                                                Function 6CC6FF5C Relevance: 8.2, APIs: 2, Strings: 3, Instructions: 651COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?,9B5DCFA9), ref: 6CC6FF9B
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6CC70900
                                                                                                                  • Part of subcall function 6CC24CB2: __EH_prolog3.LIBCMT ref: 6CC24CB9
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC58CD5: __EH_prolog3.LIBCMT ref: 6CC58CDC
                                                                                                                  • Part of subcall function 6CC2391D: __EH_prolog3.LIBCMT ref: 6CC23924
                                                                                                                  • Part of subcall function 6CC7C0AA: _malloc.LIBCMT ref: 6CC7C0C4
                                                                                                                  • Part of subcall function 6CC424CD: __EH_prolog3.LIBCMT ref: 6CC424D4
                                                                                                                  • Part of subcall function 6CC424CD: __CxxThrowException@8.LIBCMT ref: 6CC4255B
                                                                                                                  • Part of subcall function 6CC72306: __EH_prolog3.LIBCMT ref: 6CC7230D
                                                                                                                  • Part of subcall function 6CC74C0C: __EH_prolog3.LIBCMT ref: 6CC74C13
                                                                                                                  • Part of subcall function 6CC5BC09: __EH_prolog3.LIBCMT ref: 6CC5BC10
                                                                                                                  • Part of subcall function 6CC74EE6: __EH_prolog3.LIBCMT ref: 6CC74EED
                                                                                                                  • Part of subcall function 6CC74EE6: __recalloc.LIBCMT ref: 6CC74EFB
                                                                                                                  • Part of subcall function 6CC74EE6: __recalloc.LIBCMT ref: 6CC74F17
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CriticalSection__recalloc$EnterException@8LeaveThrow_malloc
                                                                                                                • String ID: determination is complete$Applicability for $evaluating each item
                                                                                                                • API String ID: 283897231-3228949585
                                                                                                                • Opcode ID: e42627a6dca6755ebeaf0ca24ccbb6193d525da1961f0455807b3bfd9d12089b
                                                                                                                • Instruction ID: ccb10c64211daf4f69c07da884abd9422e5e7935022337d519a144346f8fc671
                                                                                                                • Opcode Fuzzy Hash: e42627a6dca6755ebeaf0ca24ccbb6193d525da1961f0455807b3bfd9d12089b
                                                                                                                • Instruction Fuzzy Hash: A45213715083819FD721CF68C480A9ABBF4FF88318F44491EF5989B761EB71E949CB62
                                                                                                                Function 6CC6A4AF Relevance: 7.7, APIs: 5, Instructions: 163COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC6A4B6
                                                                                                                • GetTokenInformation.KERNELBASE(?,00000001,00000000,00000000,?,?,?,6CC6A210,?,00000000,?,?,6CC54B23), ref: 6CC6A523
                                                                                                                • GetTokenInformation.KERNELBASE(?,00000001,00000000,00000008,00000008,00000008,?,?,6CC6A210,?,00000000,?,?,6CC54B23), ref: 6CC6A566
                                                                                                                • LookupAccountSidW.ADVAPI32(00000000,00000000,00000000,00000008,00000010,00000008,6CC54614,00000008,00000104,?,?,6CC6A210,?,00000000), ref: 6CC6A59C
                                                                                                                  • Part of subcall function 6CC78AFC: _wcsnlen.LIBCMT ref: 6CC78B0C
                                                                                                                • CloseHandle.KERNEL32(?,?,?,6CC6A210,?,00000000,?,?,6CC54B23), ref: 6CC6A5CF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InformationToken$AccountCloseH_prolog3HandleLookup_wcsnlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1930416738-0
                                                                                                                • Opcode ID: c04613e3ebe619e06b0f456763d16cf35c1a953a3bfc3d0b7d0c908f4618ade1
                                                                                                                • Instruction ID: d50468d0254f723547e216594f341fc81b532b739ac20f81419642575c5212ff
                                                                                                                • Opcode Fuzzy Hash: c04613e3ebe619e06b0f456763d16cf35c1a953a3bfc3d0b7d0c908f4618ade1
                                                                                                                • Instruction Fuzzy Hash: CD615A729002199FDF11CFA8C845AEE7BB5FF04328F104609F960A7690EB74DA198BA1
                                                                                                                Function 6CC54880 Relevance: 7.6, APIs: 5, Instructions: 136threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 6CC5488A
                                                                                                                  • Part of subcall function 6CC531D3: __EH_prolog3_catch.LIBCMT ref: 6CC531DA
                                                                                                                  • Part of subcall function 6CC531D3: _free.LIBCMT ref: 6CC53269
                                                                                                                • GetCurrentThread.KERNEL32 ref: 6CC5495F
                                                                                                                • OpenThreadToken.ADVAPI32(00000000,00000008,00000001,?), ref: 6CC54971
                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6CC5497B
                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6CC5498B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentOpenProcessThreadToken$H_prolog3_H_prolog3_catch_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 4058884840-0
                                                                                                                • Opcode ID: a7a48de5238d5bd0d94e1409ef5e1b898dee178ce7993db40fd49969cfafc4b4
                                                                                                                • Instruction ID: 9e033234439e3f3622b16dcf49ca87c03770370e578fe5e23670f8009d03ee0c
                                                                                                                • Opcode Fuzzy Hash: a7a48de5238d5bd0d94e1409ef5e1b898dee178ce7993db40fd49969cfafc4b4
                                                                                                                • Instruction Fuzzy Hash: 335107B19002598BDB24CFA4C995BDDB7B4BF14308F5044EDD10AB7A81EB705E98CF64
                                                                                                                Function 6CC35CE1 Relevance: 7.6, APIs: 5, Instructions: 113comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC35CE8
                                                                                                                  • Part of subcall function 6CC2A8CC: __EH_prolog3.LIBCMT ref: 6CC2A8D3
                                                                                                                  • Part of subcall function 6CC2A8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A90B
                                                                                                                  • Part of subcall function 6CC2A8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A964
                                                                                                                  • Part of subcall function 6CC2A8CC: __CxxThrowException@8.LIBCMT ref: 6CC2AA28
                                                                                                                • CoInitialize.OLE32(00000000), ref: 6CC35D1A
                                                                                                                • CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,?,?,?,00000014,6CC35F14,?,?,?,?,9B5DCFA9,ParameterInfo.xml,00000000), ref: 6CC35D38
                                                                                                                • CoUninitialize.COMBASE(?,?,00000014,6CC35F14,?,?,?,?,9B5DCFA9,ParameterInfo.xml,00000000,?,ParameterInfo.xml,?,00000000,?), ref: 6CC35DE8
                                                                                                                • SysFreeString.OLEAUT32(00000738), ref: 6CC35DF1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CreateException@8FileFreeInitializeInstanceModuleNamePathRelativeStringThrowUninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2737710906-0
                                                                                                                • Opcode ID: 6d0163b81bc6b5252516a28255b1abe59399c9b8eecf7d0ff9d0c7049b56042e
                                                                                                                • Instruction ID: 212efd5b48ac01f2a962c0311ea0cf4c6f29ab4578cb158848604ae972fdb47b
                                                                                                                • Opcode Fuzzy Hash: 6d0163b81bc6b5252516a28255b1abe59399c9b8eecf7d0ff9d0c7049b56042e
                                                                                                                • Instruction Fuzzy Hash: 83414A70A01249EFDB00CFA4C988AAEBBB5BF45308F2484A8F559DF641D735DA45CB60
                                                                                                                Function 6CC69BB9 Relevance: 7.6, APIs: 5, Instructions: 97COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC69BC3
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2A8CC: __EH_prolog3.LIBCMT ref: 6CC2A8D3
                                                                                                                  • Part of subcall function 6CC2A8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A90B
                                                                                                                  • Part of subcall function 6CC2A8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6CC2A964
                                                                                                                  • Part of subcall function 6CC2A8CC: __CxxThrowException@8.LIBCMT ref: 6CC2AA28
                                                                                                                • GetCommandLineW.KERNEL32(?,?,6CC1A794,?,?,00000164,6CC44730,025122C8,6CC1A794,?,?,?,6CC6B57F,?,00000000,?), ref: 6CC69BEF
                                                                                                                  • Part of subcall function 6CC23E77: __EH_prolog3.LIBCMT ref: 6CC23E7E
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC69C42
                                                                                                                • SysFreeString.OLEAUT32(6CC5FA6E), ref: 6CC69CCC
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 6CC69CF3
                                                                                                                  • Part of subcall function 6CC4473C: __EH_prolog3_catch.LIBCMT ref: 6CC44746
                                                                                                                  • Part of subcall function 6CC4473C: CoInitialize.OLE32(00000000), ref: 6CC447F7
                                                                                                                  • Part of subcall function 6CC4473C: CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,?,?,?,?,?,6CC23864,?,00000000,00000000,6CC5FA6E,00000738,IronMan::EngineData::CreateEngineData), ref: 6CC44815
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$FreeString$CommandCreateException@8FileH_prolog3_catchInitializeInstanceLineModuleNamePathRelativeThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3727545618-0
                                                                                                                • Opcode ID: 70a412777d546f9f75d064e1bcdcbc8e641d60e0459968b65a0daa7469680fc7
                                                                                                                • Instruction ID: 26859b0938741bc8e611d406a52030cf0ad5ff320509b3e79b9c16eb9368a940
                                                                                                                • Opcode Fuzzy Hash: 70a412777d546f9f75d064e1bcdcbc8e641d60e0459968b65a0daa7469680fc7
                                                                                                                • Instruction Fuzzy Hash: 9C41157280024DEFCF11DFA4CD44AEEBBB9AF05318F10815AF514A7690EB349A59CB61
                                                                                                                Function 640F5EC4 Relevance: 7.6, APIs: 5, Instructions: 94COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 640F5F27
                                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 640F5F3E
                                                                                                                • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 640F5F50
                                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 640F5F6A
                                                                                                                • SetWindowLongW.USER32(?,000000FC,?), ref: 640F5F79
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Long$CallProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 513923721-0
                                                                                                                • Opcode ID: d2f5f9a3616de133ae94115f9e1d3de8cc56681aa4852c962c4e94506040b328
                                                                                                                • Instruction ID: 548ed3eb8b5c48dfccb18daa9b01e6e7f8173b4eddf715c4cfd0555cbdb2fc1b
                                                                                                                • Opcode Fuzzy Hash: d2f5f9a3616de133ae94115f9e1d3de8cc56681aa4852c962c4e94506040b328
                                                                                                                • Instruction Fuzzy Hash: 75316935500618EFCF20CF64CC84A9ABBF5FF88320B108629F8AA97261D731E955DF90
                                                                                                                Function 640E6655 Relevance: 7.6, APIs: 5, Instructions: 72windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 640E665C
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640EF35E: __EH_prolog3.LIBCMT ref: 640EF365
                                                                                                                  • Part of subcall function 640EF35E: __recalloc.LIBCMT ref: 640EF3A7
                                                                                                                • _memset.LIBCMT ref: 640E66C3
                                                                                                                • GetClientRect.USER32 ref: 640E66E6
                                                                                                                • SendMessageW.USER32(00000001,00000432,00000000,?), ref: 640E66FC
                                                                                                                  • Part of subcall function 640F81DE: _memcpy_s.LIBCMT ref: 640F8224
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00000040,640E730F,?,?,?,?,?,?,?,?,?), ref: 640E6713
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$ClientExceptionH_prolog3_MessageRaiseRectSend__recalloc_memcpy_s_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 4097222183-0
                                                                                                                • Opcode ID: f65d6057ce36fe4bb233b69921fce26a50525d63884aa058ed9e378703937244
                                                                                                                • Instruction ID: ee0e4eb6e97524987fdd00d5fc337b867c7591f8883ad93bacfb11c294e79cd5
                                                                                                                • Opcode Fuzzy Hash: f65d6057ce36fe4bb233b69921fce26a50525d63884aa058ed9e378703937244
                                                                                                                • Instruction Fuzzy Hash: 4A214C71900128EFDB20DFA4C888E9EBBB8FF45718F148419F954AB250DB30AA06CF50
                                                                                                                Function 6CC80F64 Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 6CC80F72
                                                                                                                  • Part of subcall function 6CC7BFB3: __FF_MSGBANNER.LIBCMT ref: 6CC7BFCC
                                                                                                                  • Part of subcall function 6CC7BFB3: __NMSG_WRITE.LIBCMT ref: 6CC7BFD3
                                                                                                                  • Part of subcall function 6CC7BFB3: RtlAllocateHeap.NTDLL(00000000,00000001,?,6CC5831D,00000000,?,6CC7C0C9,6CC5F845,00000C00,00000020,6CC5F845,?), ref: 6CC7BFF8
                                                                                                                • _free.LIBCMT ref: 6CC80F85
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1020059152-0
                                                                                                                • Opcode ID: 04cdb9fe0e1f6adc2b89dab173dbb1d1353b2ea0fcfad3ac8cf8034525037d7f
                                                                                                                • Instruction ID: 82ad9b9dd4f6e44da9dff46d5b53f6989f5fbec6be470a47af93f485e23c79a2
                                                                                                                • Opcode Fuzzy Hash: 04cdb9fe0e1f6adc2b89dab173dbb1d1353b2ea0fcfad3ac8cf8034525037d7f
                                                                                                                • Instruction Fuzzy Hash: DF11B9325476559BDB211B79AA0468B3EB4EF4136DF25C125E854DAA40FF34C44486A0
                                                                                                                Function 6CC45238 Relevance: 7.5, APIs: 5, Instructions: 49processCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000), ref: 6CC45254
                                                                                                                • _memset.LIBCMT ref: 6CC4526E
                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 6CC45288
                                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 6CC452A3
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6CC452B7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2526126748-0
                                                                                                                • Opcode ID: 8dbe21d7045de04ddad045a49dfdc82dab9f92974e10cd29a2edcd06a31bd3fe
                                                                                                                • Instruction ID: b50cbdf053f57878bf4d0020af942568be1de400e4c566bc48dbd0cbb0c99152
                                                                                                                • Opcode Fuzzy Hash: 8dbe21d7045de04ddad045a49dfdc82dab9f92974e10cd29a2edcd06a31bd3fe
                                                                                                                • Instruction Fuzzy Hash: 08019631A01018ABC720DBA5DC4CDDEBB78FB86318F514159E914D3680E7349F45CAA1
                                                                                                                Function 640DF24C Relevance: 7.5, APIs: 5, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?), ref: 640DF257
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 640DF286
                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 640DF28F
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 640DF2A5
                                                                                                                • KiUserCallbackDispatcher.NTDLL(00000000,00000000), ref: 640DF2AE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Show$CallbackDispatcherItemTextUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 3009180066-0
                                                                                                                • Opcode ID: 60518d464bf0155d503a8a5b5a0b529d729dfcae0dc571be22bb34afcaf53c39
                                                                                                                • Instruction ID: 714be3b44f5eb80f459ada95f221850facf2c0c55a2f91f26df0016dc27ad853
                                                                                                                • Opcode Fuzzy Hash: 60518d464bf0155d503a8a5b5a0b529d729dfcae0dc571be22bb34afcaf53c39
                                                                                                                • Instruction Fuzzy Hash: D2012838304220AFCB109F68C88CF29BBEAEF4D701F508454FA828B2A1CB359855CF94
                                                                                                                Function 6CC32E48 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 253COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC32E4F
                                                                                                                  • Part of subcall function 6CC59653: _free.LIBCMT ref: 6CC59698
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_free
                                                                                                                • String ID: evaluated to false$ evaluated to true$BlockIf
                                                                                                                • API String ID: 2248394366-2909538125
                                                                                                                • Opcode ID: 87436d56cb4d5ef3a6f4934ab1c093a68b324257630dea3973cc4b1564349d30
                                                                                                                • Instruction ID: bebb4eb2fb8418874e6d9b205a5b6a00c21900e3a898f518f802fa54fc22b980
                                                                                                                • Opcode Fuzzy Hash: 87436d56cb4d5ef3a6f4934ab1c093a68b324257630dea3973cc4b1564349d30
                                                                                                                • Instruction Fuzzy Hash: B0A16B71900219DFCF10CFA8D984ADEBBB5FF08318F144199E518AB791E735EA1ACB61
                                                                                                                Function 6CC54513 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 251COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC545A2
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC28329: __EH_prolog3.LIBCMT ref: 6CC28330
                                                                                                                  • Part of subcall function 6CC28129: SetFilePointer.KERNEL32(?,?,?,00000000,?,?,?,6CC2AA3A,?,00000000,00000000,00000002,?,80000000,00000001,00000003), ref: 6CC28149
                                                                                                                Strings
                                                                                                                • Cannot get valid temp folder, xrefs: 6CC5456D
                                                                                                                • .htm, xrefs: 6CC54763
                                                                                                                • Cannot create file or delete file in Temp directory , xrefs: 6CC545C5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8FilePointerThrow
                                                                                                                • String ID: .htm$Cannot create file or delete file in Temp directory $Cannot get valid temp folder
                                                                                                                • API String ID: 1975055723-2150540039
                                                                                                                • Opcode ID: 0d2fa2c4f38a578816d8c227e7d56f9e046c5b8e0e9ee029af512dc91a1fb6f2
                                                                                                                • Instruction ID: 62c0e529a54470026d4175df1025e46b94f1eb895395bf597ecaf96eca93f60b
                                                                                                                • Opcode Fuzzy Hash: 0d2fa2c4f38a578816d8c227e7d56f9e046c5b8e0e9ee029af512dc91a1fb6f2
                                                                                                                • Instruction Fuzzy Hash: 9BA16D711083449FD710DFA9C844F8EBBE8BF85328F444A1EF5A097B90EB74D5298B66
                                                                                                                Function 640E3E14 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 233COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E3E1B
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Height$Hide$Width
                                                                                                                • API String ID: 431132790-1313002608
                                                                                                                • Opcode ID: 5abdf52f45e1b3d91fd3aff9c25e9252c8e7b57ed7c021703cbfa40ed678adc2
                                                                                                                • Instruction ID: b24fc7f62d7013c14e1a2839f987fc82e694a615e593192b06bc3b59a461e800
                                                                                                                • Opcode Fuzzy Hash: 5abdf52f45e1b3d91fd3aff9c25e9252c8e7b57ed7c021703cbfa40ed678adc2
                                                                                                                • Instruction Fuzzy Hash: 8CA12F71900259DFEB01CFE8C944BEEBBF8AF09328F148155E464EB391D774AA49CB61
                                                                                                                Function 6CC42E7C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 192COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC42E83
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC42DBC: __EH_prolog3.LIBCMT ref: 6CC42DC3
                                                                                                                  • Part of subcall function 6CC591D4: __EH_prolog3.LIBCMT ref: 6CC591DB
                                                                                                                  • Part of subcall function 6CC591D4: __recalloc.LIBCMT ref: 6CC5921D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$__recalloc
                                                                                                                • String ID: No ProcessBlock element$ProcessBlock added$ProcessBlocks
                                                                                                                • API String ID: 1900422986-3251087430
                                                                                                                • Opcode ID: 365bfe928e6eb83b651e2cac24a4ac40d7631e35ba8d31af15bd5e93e6f49d42
                                                                                                                • Instruction ID: c916606861d48e3626766703217b63e3f7af0bd00551211cda11ee5a1b810adf
                                                                                                                • Opcode Fuzzy Hash: 365bfe928e6eb83b651e2cac24a4ac40d7631e35ba8d31af15bd5e93e6f49d42
                                                                                                                • Instruction Fuzzy Hash: 82716070A00249DFDF00CFA8C888AAEBBB5BF89308F548569E515EB791D7319E45CB61
                                                                                                                Function 6CC431C4 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 192COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC431CB
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC43104: __EH_prolog3.LIBCMT ref: 6CC4310B
                                                                                                                  • Part of subcall function 6CC591D4: __EH_prolog3.LIBCMT ref: 6CC591DB
                                                                                                                  • Part of subcall function 6CC591D4: __recalloc.LIBCMT ref: 6CC5921D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$__recalloc
                                                                                                                • String ID: No ServiceBlock element$ServiceBlock added$ServiceBlocks
                                                                                                                • API String ID: 1900422986-3373415214
                                                                                                                • Opcode ID: 6f3b48c9cce5e3ed5dfaf725b02ea85ecb26d552ab85414b8c8c05353b5c73d8
                                                                                                                • Instruction ID: 69887a4c2371de98b896267180011233add1f353c3a05ae314352fd846c081bf
                                                                                                                • Opcode Fuzzy Hash: 6f3b48c9cce5e3ed5dfaf725b02ea85ecb26d552ab85414b8c8c05353b5c73d8
                                                                                                                • Instruction Fuzzy Hash: AF716270A00249DFCF00CFE8C884AAEBBB5BF89308F248469E515EB791D7359E45CB61
                                                                                                                Function 6CC572E4 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 157COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 6CC572EB
                                                                                                                  • Part of subcall function 6CC243C4: __EH_prolog3.LIBCMT ref: 6CC243CB
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC58ED0: __EH_prolog3.LIBCMT ref: 6CC58ED7
                                                                                                                  • Part of subcall function 6CC58ED0: PathFindExtensionW.SHLWAPI(?,00000004,6CC57362,?,?,?,00000000,?,?), ref: 6CC58F01
                                                                                                                  • Part of subcall function 6CC7C0AA: _malloc.LIBCMT ref: 6CC7C0C4
                                                                                                                  • Part of subcall function 6CC53B2B: __EH_prolog3.LIBCMT ref: 6CC53B32
                                                                                                                  • Part of subcall function 6CC53B2B: InitializeCriticalSection.KERNEL32(00000002,?,00000000,00000000,00000002,?,?,00000000,?,?,?,?,00000008,6CC5EC79,?,?), ref: 6CC53BC9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CriticalExtensionFindH_prolog3_catchInitializePathSection_malloc
                                                                                                                • String ID: .htm$.html$.txt
                                                                                                                • API String ID: 2678321574-1806469533
                                                                                                                • Opcode ID: 719e39aed9e4b09a3f2817bacda42d69f427767ee2c2d4c7a0ab0ddc98fe171a
                                                                                                                • Instruction ID: 6dbcaeef55a45b9971fdd749d48db58e44bd32356cfbe13edb2db4b19638918a
                                                                                                                • Opcode Fuzzy Hash: 719e39aed9e4b09a3f2817bacda42d69f427767ee2c2d4c7a0ab0ddc98fe171a
                                                                                                                • Instruction Fuzzy Hash: C851A130914249DEDB10DBA8C804BDE7BE8BF05318F508156E414EBB80FB78D668DB76
                                                                                                                Function 6CC5A622 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 111COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorH_prolog3Last
                                                                                                                • String ID: DW\DW20.exe$Failed to record SetupFlags
                                                                                                                • API String ID: 685212868-3543485478
                                                                                                                • Opcode ID: 91fdbce64dc02b76542958106fb663cb6b8dbb3f7896f1aa121adbe0236e6b2b
                                                                                                                • Instruction ID: c839693ec0e171ac5918ccc6893f47dbe814345ba760456bfd54a182e211b025
                                                                                                                • Opcode Fuzzy Hash: 91fdbce64dc02b76542958106fb663cb6b8dbb3f7896f1aa121adbe0236e6b2b
                                                                                                                • Instruction Fuzzy Hash: 2C418C31900109DFCB10CBB8C985AEEBBB5BF45318F54465AE510AB781EB34DA19CBB1
                                                                                                                Function 6CC63439 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC63440
                                                                                                                • PathStripToRootW.SHLWAPI(00000000,C600000B,6CC5FA6E,00000010,?,?,00000738,6CC5FA6E,?,6CC1A794,025122C8), ref: 6CC634D8
                                                                                                                • GetLastError.KERNEL32(?,?,00000738,6CC5FA6E,?,6CC1A794,025122C8), ref: 6CC6350D
                                                                                                                Strings
                                                                                                                • Failed to record SystemMemory, xrefs: 6CC63527
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorH_prolog3LastPathRootStrip
                                                                                                                • String ID: Failed to record SystemMemory
                                                                                                                • API String ID: 1831876552-335854511
                                                                                                                • Opcode ID: dea5e74febeeb1389e0917c467aee70f471eab8e20df08ead7b6e5c1febb700d
                                                                                                                • Instruction ID: b8598181db7fcbf589bebb58dd85a23e5fed4086c9c4d6b6fb5a09a862c21c1a
                                                                                                                • Opcode Fuzzy Hash: dea5e74febeeb1389e0917c467aee70f471eab8e20df08ead7b6e5c1febb700d
                                                                                                                • Instruction Fuzzy Hash: A6318D71A0011A9FCB10DBB5C989AEEBB75FF05328B140658E611E7B90EB34D949CBA0
                                                                                                                Function 6CC57C9E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC57CA5
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2391D: __EH_prolog3.LIBCMT ref: 6CC23924
                                                                                                                  • Part of subcall function 6CC2395E: __EH_prolog3.LIBCMT ref: 6CC23965
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Package Name = %s$Package Version = %s$Package details
                                                                                                                • API String ID: 431132790-2412997842
                                                                                                                • Opcode ID: a33d1c841949d2ecc625c7255bce93fca59a246c36f9df61d5435d2493773271
                                                                                                                • Instruction ID: 6bb4555cae4ae91514bccdc0e4a6aa4fd53ee8c9e9415d322232c57ab2926b5d
                                                                                                                • Opcode Fuzzy Hash: a33d1c841949d2ecc625c7255bce93fca59a246c36f9df61d5435d2493773271
                                                                                                                • Instruction Fuzzy Hash: BB318A71900149EFDF10DBA8C948FEEBBB4AF01318F148585E210BB790E775EA09DBA1
                                                                                                                Function 6CC2712B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC27132
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,00000025,00000000,00000000,00000010), ref: 6CC27191
                                                                                                                • #195.MSI(00000010,00000000,00000104,00000000,00000000,00000104,00000010,MSI.dll), ref: 6CC27200
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #195FolderH_prolog3Path
                                                                                                                • String ID: MSI.dll
                                                                                                                • API String ID: 2462876523-3845536143
                                                                                                                • Opcode ID: 0b3d583917466504dac07bd48dce57511fe83691fc346ed4eaff6343940b1872
                                                                                                                • Instruction ID: f73a40a822159d3d29915ac0e15a4556729f32880b170461de91231117e68199
                                                                                                                • Opcode Fuzzy Hash: 0b3d583917466504dac07bd48dce57511fe83691fc346ed4eaff6343940b1872
                                                                                                                • Instruction Fuzzy Hash: 4B315C71A102099FDF14CFA8C888AFEBBB5FF04318F144559E510BB791E7749A098BA0
                                                                                                                Function 6CC5F821 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC576A7: __EH_prolog3.LIBCMT ref: 6CC576AE
                                                                                                                  • Part of subcall function 6CC576A7: GetModuleHandleW.KERNEL32(kernel32.dll,00000020,6CC5F845,?), ref: 6CC57748
                                                                                                                  • Part of subcall function 6CC576A7: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 6CC57758
                                                                                                                  • Part of subcall function 6CC576A7: SetThreadStackGuarantee.KERNEL32(00020000), ref: 6CC5776D
                                                                                                                  • Part of subcall function 6CC576A7: SetUnhandledExceptionFilter.KERNEL32(6CC6416A), ref: 6CC57774
                                                                                                                  • Part of subcall function 6CC576A7: GetCommandLineW.KERNEL32 ref: 6CC5777A
                                                                                                                • _memset.LIBCMT ref: 6CC5F85B
                                                                                                                • GetEnvironmentVariableW.KERNEL32(DebugIronMan,?,000000FF,?,?,?), ref: 6CC5F874
                                                                                                                • DebugBreak.KERNEL32(?,?,?), ref: 6CC5F8B8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressBreakCommandDebugEnvironmentExceptionFilterGuaranteeH_prolog3HandleLineModuleProcStackThreadUnhandledVariable_memset
                                                                                                                • String ID: DebugIronMan
                                                                                                                • API String ID: 12115070-628588297
                                                                                                                • Opcode ID: 5c0df5457b5938aa57e779718ed168333794c11f15903271d7cd7f2f3359a1eb
                                                                                                                • Instruction ID: cd1004094c5c7adab9d10f23d7ef5fed23452023fc8bf0a623c301fe27e3a8a0
                                                                                                                • Opcode Fuzzy Hash: 5c0df5457b5938aa57e779718ed168333794c11f15903271d7cd7f2f3359a1eb
                                                                                                                • Instruction Fuzzy Hash: F01126B170020AAEDB14AF758909BD7B3F4EF05718F844664E416D7A41F730D665C758
                                                                                                                Function 6E332815 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetTokenInformation.KERNELBASE(?,/33n,00000000,00000000,00000000,00000000,00000000,?,?,6E3336C7,?,00000001), ref: 6E332835
                                                                                                                • GetLastError.KERNEL32(?,?,6E3336C7,?,00000001,?,?,?,?,6E33332F,?), ref: 6E33283B
                                                                                                                  • Part of subcall function 6E331967: malloc.MSVCRT(?,6E350554), ref: 6E331979
                                                                                                                • GetTokenInformation.KERNELBASE(?,?,00000000,?,?,?,?,6E3336C7,?,00000001,?,?,?,?,6E33332F,?), ref: 6E332863
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InformationToken$ErrorLastmalloc
                                                                                                                • String ID: /33n
                                                                                                                • API String ID: 3066823155-2706969298
                                                                                                                • Opcode ID: 9fe4b71857aa94b96cb03cc69a6f6099925f3d10164c90be8ce2187f33b66b09
                                                                                                                • Instruction ID: 70b765dc9184d6ccfda610112584cffbbd746c6fddebd18214dfc365c118ae52
                                                                                                                • Opcode Fuzzy Hash: 9fe4b71857aa94b96cb03cc69a6f6099925f3d10164c90be8ce2187f33b66b09
                                                                                                                • Instruction Fuzzy Hash: EA01D1325005AAFEEF008AE9CE40FAE7B6DEB05798F300021F900EA450D732DE0597A0
                                                                                                                Function 640F0E5C Relevance: 6.1, APIs: 4, Instructions: 100windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640F0EC4
                                                                                                                  • Part of subcall function 640F91B7: _malloc.LIBCMT ref: 640F91D1
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640F0F1D
                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 640F0F27
                                                                                                                • ShowWindow.USER32(?,00000001,?,00000000,?,00000000), ref: 640F0F2E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$DialogRectShowWindow_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 929715566-0
                                                                                                                • Opcode ID: a844d21ab235347d2849385fa48bbeb5f4444d75c367fa446322f80ba90d05b7
                                                                                                                • Instruction ID: efcf693754ba97de61af37b19ac856d4e2faf3da7178558e02625822d3a1ebda
                                                                                                                • Opcode Fuzzy Hash: a844d21ab235347d2849385fa48bbeb5f4444d75c367fa446322f80ba90d05b7
                                                                                                                • Instruction Fuzzy Hash: 46317A35A00218AFDB119F69CC49BAEBBF6FF89314F104029FA45EB360CB719905CB91
                                                                                                                Function 6E332E0F Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 85COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E332E34
                                                                                                                  • Part of subcall function 6E33182C: RegOpenKeyExW.KERNEL32(?,?,00000000,-00020018,6E332E5E,?,?,00000000,?,?,?,6E332E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6E331897
                                                                                                                  • Part of subcall function 6E33182C: RegQueryValueExW.KERNEL32(6E332E5E,?,00000000,00000027,80000002,?,?,00000000,?,?,?,6E332E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6E3318B3
                                                                                                                  • Part of subcall function 6E33182C: RegCloseKey.KERNEL32(6E332E5E,?,00000000,?,?,?,6E332E5E,80000002,Software\Microsoft\SQMClient,MachineId,?,00000027), ref: 6E3318D1
                                                                                                                • SetLastError.KERNEL32(00000000,80000002,Software\Microsoft\SQMClient,MachineId,?,00000027), ref: 6E332E80
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseErrorLastOpenQueryValuememset
                                                                                                                • String ID: MachineId$Software\Microsoft\SQMClient
                                                                                                                • API String ID: 895213837-1718750536
                                                                                                                • Opcode ID: 7430e5eedf27ec5731c98df2c32bbaa6cef2df52f0141e163298ad93ed714683
                                                                                                                • Instruction ID: 609ce04119179d4f0953591781ee1c54d8d2abfd7a857a96d1cb03df9fcd5131
                                                                                                                • Opcode Fuzzy Hash: 7430e5eedf27ec5731c98df2c32bbaa6cef2df52f0141e163298ad93ed714683
                                                                                                                • Instruction Fuzzy Hash: 2A2102319003A4BAD780DEE989C1EAA37ADAB81348F200469F9149F295D663CD48CB91
                                                                                                                Function 6E333D03 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 85COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E333D28
                                                                                                                  • Part of subcall function 6E33182C: RegOpenKeyExW.KERNEL32(?,?,00000000,-00020018,6E332E5E,?,?,00000000,?,?,?,6E332E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6E331897
                                                                                                                  • Part of subcall function 6E33182C: RegQueryValueExW.KERNEL32(6E332E5E,?,00000000,00000027,80000002,?,?,00000000,?,?,?,6E332E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6E3318B3
                                                                                                                  • Part of subcall function 6E33182C: RegCloseKey.KERNEL32(6E332E5E,?,00000000,?,?,?,6E332E5E,80000002,Software\Microsoft\SQMClient,MachineId,?,00000027), ref: 6E3318D1
                                                                                                                • SetLastError.KERNEL32(00000000,80000001,Software\Microsoft\SQMClient,UserId,?,00000027), ref: 6E333D74
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseErrorLastOpenQueryValuememset
                                                                                                                • String ID: Software\Microsoft\SQMClient$UserId
                                                                                                                • API String ID: 895213837-3032788761
                                                                                                                • Opcode ID: fe04a1b1686ad1cf2d558517637592955c059d087fbbf0988d2c2601534e59cc
                                                                                                                • Instruction ID: dfaa66d9290841cc055c834fae12ed724b7abdbdd5e3e045164cb73ef337bf7e
                                                                                                                • Opcode Fuzzy Hash: fe04a1b1686ad1cf2d558517637592955c059d087fbbf0988d2c2601534e59cc
                                                                                                                • Instruction Fuzzy Hash: C321E031600394AFDB80DEE5CCD8EAA37AEAB41348F200465F512AB2A1D767CD488B95
                                                                                                                Function 640FD763 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 640FD771
                                                                                                                  • Part of subcall function 640F8FCB: __FF_MSGBANNER.LIBCMT ref: 640F8FE4
                                                                                                                  • Part of subcall function 640F8FCB: __NMSG_WRITE.LIBCMT ref: 640F8FEB
                                                                                                                  • Part of subcall function 640F8FCB: HeapAlloc.KERNEL32(00000000,00000001,00000000,?,?,?,640F91D6,?), ref: 640F9010
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocHeap_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3293231637-0
                                                                                                                • Opcode ID: 13d080261e88475641ae239395f4abc03e63bea9afbc9e362526a895a0beda07
                                                                                                                • Instruction ID: 983f6fde9bc2534ef318d110fef1c9ef56843620fd3bedc115067cd800f7ee6b
                                                                                                                • Opcode Fuzzy Hash: 13d080261e88475641ae239395f4abc03e63bea9afbc9e362526a895a0beda07
                                                                                                                • Instruction Fuzzy Hash: 8E119832A08B35AADB911F74DC04B8E3BE5DF867A8B200535EC469F250EF3488438791
                                                                                                                Function 6E333679 Relevance: 6.1, APIs: 4, Instructions: 64COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,6E33332F,?), ref: 6E333683
                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,?,?,6E33332F,?), ref: 6E3336B3
                                                                                                                  • Part of subcall function 6E332815: GetTokenInformation.KERNELBASE(?,/33n,00000000,00000000,00000000,00000000,00000000,?,?,6E3336C7,?,00000001), ref: 6E332835
                                                                                                                  • Part of subcall function 6E332815: GetLastError.KERNEL32(?,?,6E3336C7,?,00000001,?,?,?,?,6E33332F,?), ref: 6E33283B
                                                                                                                  • Part of subcall function 6E332815: GetTokenInformation.KERNELBASE(?,?,00000000,?,?,?,?,6E3336C7,?,00000001,?,?,?,?,6E33332F,?), ref: 6E332863
                                                                                                                • ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 6E3336D5
                                                                                                                • CloseHandle.KERNEL32(?,?,00000001,?,?,?,?,6E33332F,?), ref: 6E3336E0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                • String ID:
                                                                                                                • API String ID: 995526605-0
                                                                                                                • Opcode ID: bbc7bf23417a6edd824441659c428c92503e5b75c87f3dc91685e7b2ebc19b35
                                                                                                                • Instruction ID: b5fc38d4686feea28e951a2612be9e38f6ad6877747411b041c94d601200a638
                                                                                                                • Opcode Fuzzy Hash: bbc7bf23417a6edd824441659c428c92503e5b75c87f3dc91685e7b2ebc19b35
                                                                                                                • Instruction Fuzzy Hash: D411B2319002A5FFDB509FE5C8C9EAD7BA9EF05394F318064F410EB250D7729950CB50
                                                                                                                Function 6CC7C0AA Relevance: 6.0, APIs: 4, Instructions: 46COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 6CC7C0C4
                                                                                                                  • Part of subcall function 6CC7BFB3: __FF_MSGBANNER.LIBCMT ref: 6CC7BFCC
                                                                                                                  • Part of subcall function 6CC7BFB3: __NMSG_WRITE.LIBCMT ref: 6CC7BFD3
                                                                                                                  • Part of subcall function 6CC7BFB3: RtlAllocateHeap.NTDLL(00000000,00000001,?,6CC5831D,00000000,?,6CC7C0C9,6CC5F845,00000C00,00000020,6CC5F845,?), ref: 6CC7BFF8
                                                                                                                • std::exception::exception.LIBCMT ref: 6CC7C0F9
                                                                                                                • std::exception::exception.LIBCMT ref: 6CC7C113
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 6CC7C124
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 615853336-0
                                                                                                                • Opcode ID: 20fbe79874d42f65bb32b6da81d1ba2a0817d11c1d6b1dcffedd7b49c917a83e
                                                                                                                • Instruction ID: ccf223b7c6e20f23c850469dfd0ff915948e8aa4afc165cc6ae6b31bbdb34a94
                                                                                                                • Opcode Fuzzy Hash: 20fbe79874d42f65bb32b6da81d1ba2a0817d11c1d6b1dcffedd7b49c917a83e
                                                                                                                • Instruction Fuzzy Hash: 8AF0817150110A6BDF20EFA9CD16ADE7AB9EB4125CF140055E920E6E80FB70DA4597B1
                                                                                                                Function 6CC254FB Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSystemInfo.KERNEL32(?), ref: 6CC25562
                                                                                                                  • Part of subcall function 6CC24FAC: _memset.LIBCMT ref: 6CC24FB4
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3InfoSystem_memset
                                                                                                                • String ID: %s - %s %s %s$Unknown OS
                                                                                                                • API String ID: 3853411852-1218788732
                                                                                                                • Opcode ID: 59cb1588bf38af88fde5303da395f6d6d013ac88dd15b0688562b052fa977dc9
                                                                                                                • Instruction ID: 44a005b87f85e46ad190d0dd7ad0c00e43ae744a0c67f7e53050eccb6504a8b8
                                                                                                                • Opcode Fuzzy Hash: 59cb1588bf38af88fde5303da395f6d6d013ac88dd15b0688562b052fa977dc9
                                                                                                                • Instruction Fuzzy Hash: AA416C721083459FD720CF68C840BCBBBE9FF89318F140E1EF59497691EB34A6098B92
                                                                                                                Function 6CC34397 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 108COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC3439E
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2A5D0: __EH_prolog3.LIBCMT ref: 6CC2A5D7
                                                                                                                  • Part of subcall function 6CC2A5D0: SysFreeString.OLEAUT32(?), ref: 6CC2A62B
                                                                                                                  • Part of subcall function 6CC58863: _wcschr.LIBCMT ref: 6CC5887A
                                                                                                                  • Part of subcall function 6CC344EA: __EH_prolog3.LIBCMT ref: 6CC344F1
                                                                                                                  • Part of subcall function 6CC344EA: __CxxThrowException@8.LIBCMT ref: 6CC345E9
                                                                                                                  • Part of subcall function 6CC34613: RegCloseKey.ADVAPI32(?,00000034,00000034,00000034,00000034,00000000,00000000,?,00000034,RegKey,?,RegValueName,00000034,6CC342F8,6CC1A794,025122C8), ref: 6CC3468D
                                                                                                                  • Part of subcall function 6CC34613: RegCloseKey.ADVAPI32(?,00000034,00000034,00000000,00000000,?,00000034,RegKey,?,RegValueName,00000034,6CC342F8,6CC1A794,025122C8), ref: 6CC3469E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Close$Exception@8FreeStringThrow_wcschr
                                                                                                                • String ID: RegKey$RegValueName
                                                                                                                • API String ID: 3842226755-3571311812
                                                                                                                • Opcode ID: 0353b1f6a46b1f24773ed5f0cd23df7733db597617fedf1a863cd56eca6cf75d
                                                                                                                • Instruction ID: 9785601d204d719babab34d72c37ce6b7e17bcef16526977b82448b06b1acc04
                                                                                                                • Opcode Fuzzy Hash: 0353b1f6a46b1f24773ed5f0cd23df7733db597617fedf1a863cd56eca6cf75d
                                                                                                                • Instruction Fuzzy Hash: 73416C32A0024D9FCB10DBA8C944BDEBBB9AF44328F144255E519FB781EB74DA19CB61
                                                                                                                Function 6CC34265 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC3426C
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC2A63E: __EH_prolog3.LIBCMT ref: 6CC2A645
                                                                                                                  • Part of subcall function 6CC2A63E: SysFreeString.OLEAUT32(?), ref: 6CC2A69B
                                                                                                                  • Part of subcall function 6CC34397: __EH_prolog3.LIBCMT ref: 6CC3439E
                                                                                                                • GetUserDefaultUILanguage.KERNEL32(6CC1A794,025122C8), ref: 6CC34302
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$DefaultFreeLanguageStringUser
                                                                                                                • String ID: LCIDHint
                                                                                                                • API String ID: 188276182-1583853939
                                                                                                                • Opcode ID: 51bd696d133274b25770c31467f5b53c47448c1b996da090d3a16e000316b094
                                                                                                                • Instruction ID: c2b16ff79f2fa2a0ea34641cbf013a2548122140c800d6d5fa0da0ace90f06bb
                                                                                                                • Opcode Fuzzy Hash: 51bd696d133274b25770c31467f5b53c47448c1b996da090d3a16e000316b094
                                                                                                                • Instruction Fuzzy Hash: 96417F71A01219DFDB04CFA8D984ADEBBB5BF84318F204559E459EB690EB32DE05CB60
                                                                                                                Function 640EE1AD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetThreadLocale.KERNEL32(00000000), ref: 640EE1FD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LocaleThread
                                                                                                                • String ID: UiInfo.xml
                                                                                                                • API String ID: 635194068-3938134364
                                                                                                                • Opcode ID: ed506cc28e842f2f484e1912dd249d4d922bb550de57d18316b5df81ae38e543
                                                                                                                • Instruction ID: 9f13aaf60df86e326fe238539052e4f3b82fbe29b4066919c6330d65169c0b87
                                                                                                                • Opcode Fuzzy Hash: ed506cc28e842f2f484e1912dd249d4d922bb550de57d18316b5df81ae38e543
                                                                                                                • Instruction Fuzzy Hash: 7E416E716087559FD710CF64C848B6ABBE4FF89328F004A2DF86687791DB34E905CB91
                                                                                                                Function 6CC46E46 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC46E4D
                                                                                                                  • Part of subcall function 6CC450B2: __EH_prolog3.LIBCMT ref: 6CC450B9
                                                                                                                  • Part of subcall function 6CC450B2: GetLastError.KERNEL32(00000000,LoadLibrary,00000000,0000000C,6CC46E7F,00000000,?), ref: 6CC45110
                                                                                                                  • Part of subcall function 6CC450B2: __CxxThrowException@8.LIBCMT ref: 6CC4512D
                                                                                                                • GetCommandLineW.KERNEL32(00000000,?), ref: 6CC46E8F
                                                                                                                  • Part of subcall function 6CC23E77: __EH_prolog3.LIBCMT ref: 6CC23E7E
                                                                                                                  • Part of subcall function 6CC23A16: __EH_prolog3.LIBCMT ref: 6CC23A1D
                                                                                                                  • Part of subcall function 6CC4516F: FreeLibrary.KERNEL32(00000000,?,6CC450F8,00000000,0000000C,6CC46E7F,00000000,?), ref: 6CC4517C
                                                                                                                  • Part of subcall function 6CC4516F: LoadLibraryW.KERNEL32(?,?,?,6CC450F8,00000000,0000000C,6CC46E7F,00000000,?), ref: 6CC45194
                                                                                                                  • Part of subcall function 6CC7C0AA: _malloc.LIBCMT ref: 6CC7C0C4
                                                                                                                  • Part of subcall function 6CC6ABA1: __EH_prolog3.LIBCMT ref: 6CC6ABA8
                                                                                                                  • Part of subcall function 6CC6ABA1: GetProcAddress.KERNEL32(00000004,CreateClassFactory), ref: 6CC6ABB8
                                                                                                                  • Part of subcall function 6CC6ABA1: GetLastError.KERNEL32 ref: 6CC6ABC6
                                                                                                                  • Part of subcall function 6CC6ABA1: __CxxThrowException@8.LIBCMT ref: 6CC6AC7D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$ErrorException@8LastLibraryThrow$AddressCommandFreeLineLoadProc_malloc
                                                                                                                • String ID: passive
                                                                                                                • API String ID: 304155978-1995439567
                                                                                                                • Opcode ID: d3844844aad783e518e1e47f7b75b6a29a686982a3ae944777e4e68090748ac5
                                                                                                                • Instruction ID: 846e3759c88246858f6a084f3caf598d03a2a12f21c1e5fe19f4a7d251bc2852
                                                                                                                • Opcode Fuzzy Hash: d3844844aad783e518e1e47f7b75b6a29a686982a3ae944777e4e68090748ac5
                                                                                                                • Instruction Fuzzy Hash: 6F31C171911705DBEB00DFA4C804BDDBBB4BF04318F04C95AD895ABF84EB75D6098BA1
                                                                                                                Function 6CC5EA74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC5EA7B
                                                                                                                • GetComputerObjectNameW.SECUR32(00000007,00000000,6CC5FA6E), ref: 6CC5EAC0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ComputerH_prolog3NameObject
                                                                                                                • String ID: microsoft.com
                                                                                                                • API String ID: 4212761916-499418652
                                                                                                                • Opcode ID: 33a662b7426e2ff47d3f42971934cbe8d86a1a1fd50c79498cba8ca68a5913f6
                                                                                                                • Instruction ID: d03f95d99128450cdb1000f2281cdbbdd404baff4eaded49eb9857e681b5996c
                                                                                                                • Opcode Fuzzy Hash: 33a662b7426e2ff47d3f42971934cbe8d86a1a1fd50c79498cba8ca68a5913f6
                                                                                                                • Instruction Fuzzy Hash: 7921F331A111098BCF04DFB8C850AEEBB72BF0132CF50465ED121A7BD0FB75992987A9
                                                                                                                Function 6CC57DB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 61COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC57DB7
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC24CB2: __EH_prolog3.LIBCMT ref: 6CC24CB9
                                                                                                                  • Part of subcall function 6CC2395E: __EH_prolog3.LIBCMT ref: 6CC23965
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Operation Type$Operation: %s
                                                                                                                • API String ID: 431132790-3288381836
                                                                                                                • Opcode ID: 3ae148cc0be1c98fddb05862154c368df9b88c985b73b0a4bbc6944dd28ef65f
                                                                                                                • Instruction ID: a18c966ea2eefe90bc01af01ab70d9bc56c0979d330517d3603c31f8a375570a
                                                                                                                • Opcode Fuzzy Hash: 3ae148cc0be1c98fddb05862154c368df9b88c985b73b0a4bbc6944dd28ef65f
                                                                                                                • Instruction Fuzzy Hash: D92118719001099FCB10DBE8C949EDEBBB8AF15208F14455AE244EB741E775DA19CBA1
                                                                                                                Function 6CC4531E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC45325
                                                                                                                  • Part of subcall function 6CC78AFC: _wcsnlen.LIBCMT ref: 6CC78B0C
                                                                                                                • DeleteFileW.KERNEL32(?,00000010,HFI,00000000,?,6CC1AB18,00000004,6CC6A448,9B5DCFA9,9B5DCFA9,?,?,6CC54B23), ref: 6CC45399
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFileH_prolog3_wcsnlen
                                                                                                                • String ID: HFI
                                                                                                                • API String ID: 1332513528-686494941
                                                                                                                • Opcode ID: f1591fe84b16361505b0fccba8af83b757f18e3331c109f0ef0c9dfc8129a96d
                                                                                                                • Instruction ID: 2cd691b8c29501693771cb85a370b9924f7a605646021c0dadda2f7c40612b22
                                                                                                                • Opcode Fuzzy Hash: f1591fe84b16361505b0fccba8af83b757f18e3331c109f0ef0c9dfc8129a96d
                                                                                                                • Instruction Fuzzy Hash: FA11E1313001089FC714DF78C840AAEB7E1BF5532CB10865AE661ABB90FBB0D9088660
                                                                                                                Function 6CC6356C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC63573
                                                                                                                  • Part of subcall function 6CC2579B: _memset.LIBCMT ref: 6CC257CA
                                                                                                                  • Part of subcall function 6CC2579B: GetVersionExW.KERNEL32 ref: 6CC257DF
                                                                                                                  • Part of subcall function 6CC2579B: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000001), ref: 6CC257F5
                                                                                                                  • Part of subcall function 6CC2579B: VerSetConditionMask.KERNEL32(00000000,?,00000001,00000001), ref: 6CC257FD
                                                                                                                  • Part of subcall function 6CC2579B: VerSetConditionMask.KERNEL32(00000000,?,00000020,00000001,?,00000001,00000001), ref: 6CC25805
                                                                                                                  • Part of subcall function 6CC2579B: VerSetConditionMask.KERNEL32(00000000,?,00000010,00000001,?,00000020,00000001,?,00000001,00000001), ref: 6CC2580D
                                                                                                                  • Part of subcall function 6CC2579B: VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CC25818
                                                                                                                Strings
                                                                                                                • CSDReleaseType, xrefs: 6CC635CC
                                                                                                                • SYSTEM\CurrentControlSet\Control\Windows, xrefs: 6CC635E1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ConditionMask$Version$H_prolog3InfoVerify_memset
                                                                                                                • String ID: CSDReleaseType$SYSTEM\CurrentControlSet\Control\Windows
                                                                                                                • API String ID: 3830908078-406884543
                                                                                                                • Opcode ID: d1a014849215dc6c037749f6072c79853adc163a71bd88b81276f9af5a6539c1
                                                                                                                • Instruction ID: bc86f98ddf034176bb24a8bca3a50be2a551ae2cafacfc3babddbc5044d9a05c
                                                                                                                • Opcode Fuzzy Hash: d1a014849215dc6c037749f6072c79853adc163a71bd88b81276f9af5a6539c1
                                                                                                                • Instruction Fuzzy Hash: D401A5F2D101286BDB14CF19C911AE93A90AB10358F0A4166FDA9EBB41E739DA04DB95
                                                                                                                Function 6CC61602 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,6CC5FA6E,?,?,?,?,?,?,6CC634F1,6CC5FA6E,000000FF), ref: 6CC61637
                                                                                                                • GetLastError.KERNEL32(?,6CC5FA6E,?,?,?,?,?,?,6CC634F1,6CC5FA6E,000000FF,?,?,00000738,6CC5FA6E,?), ref: 6CC61647
                                                                                                                  • Part of subcall function 6CC27479: __EH_prolog3.LIBCMT ref: 6CC27480
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DiskErrorFreeH_prolog3LastSpace
                                                                                                                • String ID: GetDiskFreeSpaceEx
                                                                                                                • API String ID: 3776785849-3355056173
                                                                                                                • Opcode ID: 6f68966e67941c35d7828bcdf2eb380096bef7e95148e26fcba73824ef2bb1ff
                                                                                                                • Instruction ID: 49a70936c2343cb0811a3023801908d78f7ab18df62ea81feb1574a8765d107f
                                                                                                                • Opcode Fuzzy Hash: 6f68966e67941c35d7828bcdf2eb380096bef7e95148e26fcba73824ef2bb1ff
                                                                                                                • Instruction Fuzzy Hash: A80128B6A00219FB8B00DF99D9458EEBBB9EB98714F114449E905F3600E770AB09CBD0
                                                                                                                Function 6CC5EC5A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC5EC61
                                                                                                                  • Part of subcall function 6CC53B2B: __EH_prolog3.LIBCMT ref: 6CC53B32
                                                                                                                  • Part of subcall function 6CC53B2B: InitializeCriticalSection.KERNEL32(00000002,?,00000000,00000000,00000002,?,?,00000000,?,?,?,?,00000008,6CC5EC79,?,?), ref: 6CC53BC9
                                                                                                                  • Part of subcall function 6CC62C16: PathFileExistsW.SHLWAPI(00000000), ref: 6CC62CA8
                                                                                                                  • Part of subcall function 6CC62C16: __CxxThrowException@8.LIBCMT ref: 6CC62CE7
                                                                                                                  • Part of subcall function 6CC62C16: CopyFileW.KERNEL32(00000010,00000000,00000000,?), ref: 6CC62D19
                                                                                                                  • Part of subcall function 6CC62C16: SetFileAttributesW.KERNEL32(?,00000080), ref: 6CC62D32
                                                                                                                • InitializeCriticalSection.KERNEL32(?,?,?,.html,00000001,00000000,6CC5747C,00000000,00000000,?,?,?,?,?,?,?), ref: 6CC5ECBB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CriticalH_prolog3InitializeSection$AttributesCopyException@8ExistsPathThrow
                                                                                                                • String ID: .html
                                                                                                                • API String ID: 4277916732-2179875201
                                                                                                                • Opcode ID: 293f70af4fd32877843dba4b21c96111389fde4b4ca98b10c7dab36906e8af7b
                                                                                                                • Instruction ID: ca8cc60d87fa16c860b0abb10d910d23e28efa0ba1e9ae01d7add3ce30c87028
                                                                                                                • Opcode Fuzzy Hash: 293f70af4fd32877843dba4b21c96111389fde4b4ca98b10c7dab36906e8af7b
                                                                                                                • Instruction Fuzzy Hash: A5F0F635A00242EBDB00DBA4C954BDCBB71BF1430CF504018D504ABF81E734EA1DD7A2
                                                                                                                Function 640E6615 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,80000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 640E6636
                                                                                                                • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,640E72CF), ref: 640E6648
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Create
                                                                                                                • String ID: tooltips_class32
                                                                                                                • API String ID: 870168347-1918224756
                                                                                                                • Opcode ID: 3f57fbbc662a07b789b9c2394054737846340225166b84d52ce15f8d2598a7f6
                                                                                                                • Instruction ID: 4d62407933c97982542f9a23c9aa50e43f0d96dd66078ea255ec7ecb06a053ce
                                                                                                                • Opcode Fuzzy Hash: 3f57fbbc662a07b789b9c2394054737846340225166b84d52ce15f8d2598a7f6
                                                                                                                • Instruction Fuzzy Hash: 41E042B1547231BEE6705A6AAD0CFE76E9CEF4B6B0F214214796CE6180CA605914CBF0
                                                                                                                Function 6CC6A1E6 Relevance: 4.7, APIs: 3, Instructions: 225COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC6A1ED
                                                                                                                • GetCurrentProcessId.KERNEL32(00000020,6CC453D9,00000000,?,?,6CC54B23), ref: 6CC6A1FD
                                                                                                                  • Part of subcall function 6CC45238: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000), ref: 6CC45254
                                                                                                                  • Part of subcall function 6CC45238: _memset.LIBCMT ref: 6CC4526E
                                                                                                                  • Part of subcall function 6CC45238: Process32FirstW.KERNEL32(00000000,?), ref: 6CC45288
                                                                                                                  • Part of subcall function 6CC45238: CloseHandle.KERNEL32(00000000), ref: 6CC452B7
                                                                                                                  • Part of subcall function 6CC78EAB: _memcpy_s.LIBCMT ref: 6CC78EFC
                                                                                                                  • Part of subcall function 6CC58608: __wcsicoll.LIBCMT ref: 6CC58626
                                                                                                                • GetTempPathW.KERNEL32(00000104,00000000,6CC54B23,6CC54614,6CC54B23,00000000,00000010,00000010,?,00000000,6CC54614,?,?,6CC54B23), ref: 6CC6A415
                                                                                                                  • Part of subcall function 6CC45238: Process32NextW.KERNEL32(00000000,0000022C), ref: 6CC452A3
                                                                                                                  • Part of subcall function 6CC78AFC: _wcsnlen.LIBCMT ref: 6CC78B0C
                                                                                                                  • Part of subcall function 6CC4531E: __EH_prolog3.LIBCMT ref: 6CC45325
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Process32$CloseCreateCurrentFirstHandleNextPathProcessSnapshotTempToolhelp32__wcsicoll_memcpy_s_memset_wcsnlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3082661801-0
                                                                                                                • Opcode ID: 286ce42707273c632ecfb12ab64c185030adb82b5011113bce0f3eb57bb9e997
                                                                                                                • Instruction ID: 39ab4fc75ec8e85d3ae04e6b9f59e728ff90549f3a7a277c0a529017b096dd02
                                                                                                                • Opcode Fuzzy Hash: 286ce42707273c632ecfb12ab64c185030adb82b5011113bce0f3eb57bb9e997
                                                                                                                • Instruction Fuzzy Hash: 7C915E719012498FDB10DFB8C984AEDBBB4FF05328F548659E550ABB91EB389908CB61
                                                                                                                Function 6E33182C Relevance: 4.6, APIs: 3, Instructions: 109registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.KERNEL32(?,?,00000000,-00020018,6E332E5E,?,?,00000000,?,?,?,6E332E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6E331897
                                                                                                                • RegQueryValueExW.KERNEL32(6E332E5E,?,00000000,00000027,80000002,?,?,00000000,?,?,?,6E332E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6E3318B3
                                                                                                                • RegCloseKey.KERNEL32(6E332E5E,?,00000000,?,?,?,6E332E5E,80000002,Software\Microsoft\SQMClient,MachineId,?,00000027), ref: 6E3318D1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3677997916-0
                                                                                                                • Opcode ID: d64bdaad3d79935ca32de22720550d35bc98e953a5ba1fb288aa9fec701e6621
                                                                                                                • Instruction ID: cecf5f4d83e113955c4c33c0977fa6c39c3e2d9edb0a7369bbfc6a5a470da8ed
                                                                                                                • Opcode Fuzzy Hash: d64bdaad3d79935ca32de22720550d35bc98e953a5ba1fb288aa9fec701e6621
                                                                                                                • Instruction Fuzzy Hash: 91319331900296EFDB419FD5C8D4EEA7BE9EB11348F7100A9FA149B261D332C998CB91
                                                                                                                Function 640DF415 Relevance: 4.6, APIs: 3, Instructions: 70COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640DF24C: GetDlgItem.USER32(?), ref: 640DF257
                                                                                                                  • Part of subcall function 640DF24C: SetWindowTextW.USER32(00000000,?), ref: 640DF286
                                                                                                                  • Part of subcall function 640DF24C: ShowWindow.USER32(00000000,00000005), ref: 640DF28F
                                                                                                                  • Part of subcall function 640DF24C: KiUserCallbackDispatcher.NTDLL(00000000,00000000), ref: 640DF2AE
                                                                                                                  • Part of subcall function 640DF24C: ShowWindow.USER32(00000000,00000000), ref: 640DF2A5
                                                                                                                • GetDlgItem.USER32(?,00003024), ref: 640DF479
                                                                                                                • GetWindowLongW.USER32(00000000,000000EB), ref: 640DF484
                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000001), ref: 640DF4C4
                                                                                                                  • Part of subcall function 640DF527: GetWindowPlacement.USER32(00000000,?,00000000), ref: 640DF550
                                                                                                                  • Part of subcall function 640DF527: SetWindowPlacement.USER32(00000000,0000002C), ref: 640DF561
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ItemLongPlacementShow$CallbackDispatcherTextUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 3090988947-0
                                                                                                                • Opcode ID: f949423ba1ad6188d6015380cf2d122f65612628e900fcf8bb5f6c01c8d27168
                                                                                                                • Instruction ID: 53a8eb859e9fff5e07bf751158704edfca38fa4245cc15e8980349c4299cc457
                                                                                                                • Opcode Fuzzy Hash: f949423ba1ad6188d6015380cf2d122f65612628e900fcf8bb5f6c01c8d27168
                                                                                                                • Instruction Fuzzy Hash: A82130392003249FDB009F64C498E697BA6FF89368B1582A4FD099F361CB31DC19CB81
                                                                                                                Function 640EF5FD Relevance: 4.6, APIs: 3, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __recalloc$H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 59120599-0
                                                                                                                • Opcode ID: e57cc06adc3941418b215361fe237b4f23751fb178896f379662567892b4a641
                                                                                                                • Instruction ID: 3dc236d2b361205f3def08e18dcbf570ba0109801b71f8594891967aed382a1d
                                                                                                                • Opcode Fuzzy Hash: e57cc06adc3941418b215361fe237b4f23751fb178896f379662567892b4a641
                                                                                                                • Instruction Fuzzy Hash: 74111E72600212DFF7108F69D981B65B7E5FB18758F108828E9E9CB365DB31E8518B50
                                                                                                                Function 6CC476BB Relevance: 4.5, APIs: 3, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC476C2
                                                                                                                  • Part of subcall function 6CC475C2: __EH_prolog3.LIBCMT ref: 6CC475C9
                                                                                                                  • Part of subcall function 6CC475C2: OpenFileMappingW.KERNEL32(00000002,00000000,00000000,?,6CC1AB18,00000008,6CC476FE,?,?,00000004,6CC6C454,?,6CC195D4,00000000,00000001,?), ref: 6CC475F2
                                                                                                                  • Part of subcall function 6CC475C2: GetLastError.KERNEL32(?,?,?,?,00000001), ref: 6CC475FF
                                                                                                                • OpenEventW.KERNEL32(00100002,00000000,00000000,?,?,00000004,6CC6C454,?,6CC195D4,00000000,00000001,?,6CC1A794,?,00000001,?), ref: 6CC4770B
                                                                                                                • OpenFileMappingW.KERNEL32(00000002,00000000,00000000,?,?,?,?,00000001), ref: 6CC4771B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Open$FileH_prolog3Mapping$ErrorEventLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1631330826-0
                                                                                                                • Opcode ID: fb3e94d610adc7653883a0037c2c88ac48ba640708d87da2e73c4f84c81b0d75
                                                                                                                • Instruction ID: b6b5efeb7865e8f860bdd53bd0d287c5218b786444ad77b95a3febe360384c40
                                                                                                                • Opcode Fuzzy Hash: fb3e94d610adc7653883a0037c2c88ac48ba640708d87da2e73c4f84c81b0d75
                                                                                                                • Instruction Fuzzy Hash: D2112BB5604346EFCB00CF65C842B99BBB1BF48314F108519F8589BB91E770E964DFA5
                                                                                                                Function 6CC2C406 Relevance: 4.5, APIs: 3, Instructions: 40registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.KERNEL32(80000002,?,00000000,00000001,?,?,?,?,?,6CC635F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType), ref: 6CC2C426
                                                                                                                • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,6CC60F4A,00000004,?,?,?,6CC635F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType), ref: 6CC2C43F
                                                                                                                • RegCloseKey.KERNEL32(?,?,?,?,6CC635F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType,?,025122C8,00000004,6CC60F4A,?), ref: 6CC2C44E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3677997916-0
                                                                                                                • Opcode ID: 5e82f9b29ad8dab61ca330eb48840fba5560f3f01d7c7140f3c7fd07daef7166
                                                                                                                • Instruction ID: 56959eec6ec0902da6f49f02aee24bacd4a0014c232ab67e1b2fae65a5ce7164
                                                                                                                • Opcode Fuzzy Hash: 5e82f9b29ad8dab61ca330eb48840fba5560f3f01d7c7140f3c7fd07daef7166
                                                                                                                • Instruction Fuzzy Hash: D5F0E175200108BFEB119F99CC85FAE7B7DEF0536CF144215F91196250E775DE54AB20
                                                                                                                Function 6CC27CE8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC27CEF
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC27EE4: __EH_prolog3.LIBCMT ref: 6CC27EEB
                                                                                                                  • Part of subcall function 6CC25DD0: __EH_prolog3.LIBCMT ref: 6CC25DD7
                                                                                                                  • Part of subcall function 6CC25485: __EH_prolog3.LIBCMT ref: 6CC2548C
                                                                                                                  • Part of subcall function 6CC25485: GetModuleHandleW.KERNEL32(kernel32.dll,0000002C,6CC27DAF,?,?,?,?,?,00000000,?,?,6CC1AB18,00000008,6CC27CD9), ref: 6CC2549C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$HandleModule
                                                                                                                • String ID: Unknown
                                                                                                                • API String ID: 1530205010-1654365787
                                                                                                                • Opcode ID: f3007db1fd414503a48b5b518616893bd593fd556cdc7159fbe2e181dd5179d8
                                                                                                                • Instruction ID: 551f258c97d727f0faaa0d09ba3622f5bd58cfed79e5aa9df423f7609ae3135d
                                                                                                                • Opcode Fuzzy Hash: f3007db1fd414503a48b5b518616893bd593fd556cdc7159fbe2e181dd5179d8
                                                                                                                • Instruction Fuzzy Hash: D4313F725107059EDB24DFB4C841FEBB3A8FF05318F504A5EA169DBAC0EB74A9488725
                                                                                                                Function 6CC54AD6 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC54ADD
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC58E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6CC699FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6CC58E6E
                                                                                                                  • Part of subcall function 6CC78EAB: _memcpy_s.LIBCMT ref: 6CC78EFC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$AppendPath_memcpy_s
                                                                                                                • String ID: %TEMP%
                                                                                                                • API String ID: 3727483831-235365282
                                                                                                                • Opcode ID: 0375f7292ac9cd4b37c9bed1669d5aaf17eebefdd91fa4d7796b27604f5f8a5c
                                                                                                                • Instruction ID: 68c0cbb72f2bad3154432379174e1c0fa017cfd6df0594276d0eb71379f80ab8
                                                                                                                • Opcode Fuzzy Hash: 0375f7292ac9cd4b37c9bed1669d5aaf17eebefdd91fa4d7796b27604f5f8a5c
                                                                                                                • Instruction Fuzzy Hash: 2A214F3291050A8BDF10DBB8C841BEEB7B4FF0132CF544655E160EBBD5EB749A288766
                                                                                                                Function 6CC32677 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC3267E
                                                                                                                  • Part of subcall function 6CC289B7: __EH_prolog3.LIBCMT ref: 6CC289BE
                                                                                                                  • Part of subcall function 6CC289B7: __CxxThrowException@8.LIBCMT ref: 6CC28A89
                                                                                                                  • Part of subcall function 6CC32811: __EH_prolog3.LIBCMT ref: 6CC32818
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8Throw
                                                                                                                • String ID: ReturnCode
                                                                                                                • API String ID: 2489616738-1214168914
                                                                                                                • Opcode ID: d02a30f2511598ff2636ff21f8c87031e0c0a755e3c1179abd8342539b99b358
                                                                                                                • Instruction ID: 019bf5022b1426b9a90979ff0d00424466547e5483e2cb44f886b3aefc929ac9
                                                                                                                • Opcode Fuzzy Hash: d02a30f2511598ff2636ff21f8c87031e0c0a755e3c1179abd8342539b99b358
                                                                                                                • Instruction Fuzzy Hash: 99216DB19112159FCB10CFACC885A9E7BA8FF09718B14855AF824DF786EB70D914CBA1
                                                                                                                Function 6CC6A11D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: %TEMP%
                                                                                                                • API String ID: 431132790-235365282
                                                                                                                • Opcode ID: d556a72c15ced3c33ae4f41a3fa43bdfc961347c187d9158e1457d842fa152ea
                                                                                                                • Instruction ID: b13129acb71af22db5c8da216b3ffcc101faecd0fcd13fe48bec790a9a1ebb3e
                                                                                                                • Opcode Fuzzy Hash: d556a72c15ced3c33ae4f41a3fa43bdfc961347c187d9158e1457d842fa152ea
                                                                                                                • Instruction Fuzzy Hash: B521307161021AEFDF00DFA1CD88AEE7B74FF04359F004515FA11AAA90EB70DA15CBA0
                                                                                                                Function 6CC69293 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetCommandLineW.KERNEL32(9B5DCFA9,6CC5831D,?,00000000,6CC94C14,000000FF,?,6CC57793,?,00000000), ref: 6CC692BF
                                                                                                                  • Part of subcall function 6CC23E77: __EH_prolog3.LIBCMT ref: 6CC23E7E
                                                                                                                  • Part of subcall function 6CC23A16: __EH_prolog3.LIBCMT ref: 6CC23A1D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CommandLine
                                                                                                                • String ID: repair
                                                                                                                • API String ID: 1384747822-2397320225
                                                                                                                • Opcode ID: b6715234c496d2d92fc434cf41425bd7b2ca699de05e9c7e6413f9158a511b97
                                                                                                                • Instruction ID: b8e9b5e280e1c0f1d4c2156d426dcb45ce352c1e2d73f1b0d3b4ff0302d926b9
                                                                                                                • Opcode Fuzzy Hash: b6715234c496d2d92fc434cf41425bd7b2ca699de05e9c7e6413f9158a511b97
                                                                                                                • Instruction Fuzzy Hash: 09118672558700ABC710CB59CD85F9A77ECEB49738F040A1AB96197ED0FB34D5448681
                                                                                                                Function 640DFF39 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetWindowPlacement.USER32(?,?), ref: 640DFF6A
                                                                                                                  • Part of subcall function 640F76EE: _calloc.LIBCMT ref: 640F770F
                                                                                                                  • Part of subcall function 640F83CE: __CxxThrowException@8.LIBCMT ref: 640F83E2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8PlacementThrowWindow_calloc
                                                                                                                • String ID: ,
                                                                                                                • API String ID: 1982324250-3772416878
                                                                                                                • Opcode ID: 73dc97667a77ece9cf67fc84694839474cf0a1abcc06186fc243e42dda60efeb
                                                                                                                • Instruction ID: 0a262d67275fbf272363c7995e45bff93e232e2c4143e140d4aade1cf48522ff
                                                                                                                • Opcode Fuzzy Hash: 73dc97667a77ece9cf67fc84694839474cf0a1abcc06186fc243e42dda60efeb
                                                                                                                • Instruction Fuzzy Hash: 49112176904319EFDB00DFA9D980A9EF7F6FF49314B21842AE859E7200D770B945CB50
                                                                                                                Function 640F0389 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • Rich Text Format (*.rtf), xrefs: 640F03A0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memset
                                                                                                                • String ID: Rich Text Format (*.rtf)
                                                                                                                • API String ID: 2102423945-1134163414
                                                                                                                • Opcode ID: f16c7cdfd0d6f879577f227fcfc5453135e441eaf5e2bffac550aeed7a3b9ede
                                                                                                                • Instruction ID: 4909e00178a7116d5d387dcc09e5fa637c983cec6c9659567c24ab49e39e812f
                                                                                                                • Opcode Fuzzy Hash: f16c7cdfd0d6f879577f227fcfc5453135e441eaf5e2bffac550aeed7a3b9ede
                                                                                                                • Instruction Fuzzy Hash: 3EF08131A002189BDB14DF68EC12BDE77B5EB99718F500529D805EB184DBA0A609C684
                                                                                                                Function 6CC2388B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Entering Function
                                                                                                                • API String ID: 431132790-2002471330
                                                                                                                • Opcode ID: 8b75a088f6da54af7c4d89aa9abcd7cb57b288e1608b9e05df8d821015cd9ae4
                                                                                                                • Instruction ID: bbd4b7a19ca4d02a5bca7af6d8afcf7a1b253088532656799044c42e43c755bb
                                                                                                                • Opcode Fuzzy Hash: 8b75a088f6da54af7c4d89aa9abcd7cb57b288e1608b9e05df8d821015cd9ae4
                                                                                                                • Instruction Fuzzy Hash: BBF032356006018FDB20CF68C940B9EBBE0FF48618F00C809E884CBB10EB34E840CB51
                                                                                                                Function 6CC238D7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • exiting function/method, xrefs: 6CC238EF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: exiting function/method
                                                                                                                • API String ID: 431132790-2452647166
                                                                                                                • Opcode ID: a1f38adf02664a6da55b1e73cf7691d559341edaff6579514606359d00725bed
                                                                                                                • Instruction ID: a94164559a2d0540b6b477cb4a3024dcc061f865198da1e3f67860c7d1dbae27
                                                                                                                • Opcode Fuzzy Hash: a1f38adf02664a6da55b1e73cf7691d559341edaff6579514606359d00725bed
                                                                                                                • Instruction Fuzzy Hash: FEE01A35211601DFD710DFA8C159F4ABBA1FF48319F10C458E6969FBA0DB31E844CB51
                                                                                                                Function 6CC4736E Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000424,6CC4772B,?,?,?,?,00000001), ref: 6CC4739A
                                                                                                                Strings
                                                                                                                • The handle to the section is Null, xrefs: 6CC47380
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileView
                                                                                                                • String ID: The handle to the section is Null
                                                                                                                • API String ID: 3314676101-179083574
                                                                                                                • Opcode ID: 4a8e2b8bd851c26be637bd2b967b1dbd6f7e638ef2385f61007f937d193516d9
                                                                                                                • Instruction ID: 8e8fa6f7424681ded270bbc4a687d14e2f6c1862728b6ec25ca747ed4da48b5e
                                                                                                                • Opcode Fuzzy Hash: 4a8e2b8bd851c26be637bd2b967b1dbd6f7e638ef2385f61007f937d193516d9
                                                                                                                • Instruction Fuzzy Hash: 37E0ECB0784702AFE7208F298C0AF01BAE0EF08B04F51C819B659EE991E671E440DB14
                                                                                                                Function 640E09A7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNELBASE(RICHED20.DLL,?,640ECA98,00000000,00000001,?,80070057,640D5D9C,?,00000030,80070057), ref: 640E09C9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID: RICHED20.DLL
                                                                                                                • API String ID: 1029625771-992299850
                                                                                                                • Opcode ID: 6015502350e68fe3d646eb93306e3e252f2a48a5f7fdbd2bc5f1402e4dcdbc77
                                                                                                                • Instruction ID: cc5e96f4e27ca562f7c44d186565f8cc1b7b68d7f86171141b4275c02a0214d4
                                                                                                                • Opcode Fuzzy Hash: 6015502350e68fe3d646eb93306e3e252f2a48a5f7fdbd2bc5f1402e4dcdbc77
                                                                                                                • Instruction Fuzzy Hash: 73E0FEB1905B608F87609F6B9544542FEF8FFA96103104A1FE48AC7A24D6B0A1498F95
                                                                                                                Function 6E333536 Relevance: 3.2, APIs: 2, Instructions: 213COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • ctype.LIBCPMT ref: 6E342015
                                                                                                                • ctype.LIBCPMT ref: 6E34202A
                                                                                                                  • Part of subcall function 6E3317EB: malloc.MSVCRT ref: 6E3317F6
                                                                                                                  • Part of subcall function 6E332885: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,00000000), ref: 6E3328C4
                                                                                                                  • Part of subcall function 6E333992: EnterCriticalSection.KERNEL32(?,00000000,6E33397F,00000000,6E33371E,80004005), ref: 6E3339AE
                                                                                                                  • Part of subcall function 6E332C9B: VirtualAlloc.KERNEL32(00000000,?,00002000,00000004,6E3327B0,00000000,6E350088), ref: 6E332D01
                                                                                                                  • Part of subcall function 6E332C9B: VirtualAlloc.KERNEL32(?,00000000,00001000,00000004,000003F8,00000000,?,?,?,?,6E3327B0,00000000,6E350088), ref: 6E332D4F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocCriticalSectionVirtualctype$CountEnterInitializeSpinmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 738331480-0
                                                                                                                • Opcode ID: 35b10ce888310c7853d63ba429a9e4f3c56379ddc3b7d560ffd8e07c6dd9ceb8
                                                                                                                • Instruction ID: fc987f430f183323f2a817e547aa620f58dc961ffb2a811dd71a6e39730276f7
                                                                                                                • Opcode Fuzzy Hash: 35b10ce888310c7853d63ba429a9e4f3c56379ddc3b7d560ffd8e07c6dd9ceb8
                                                                                                                • Instruction Fuzzy Hash: 3871B031504382EFEB918ED1C8D4F993BE9BF01308F2088A8E565DB2A2C776D499CF50
                                                                                                                Function 6CC6D779 Relevance: 3.1, APIs: 2, Instructions: 144COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC6D780
                                                                                                                  • Part of subcall function 6CC43096: __EH_prolog3.LIBCMT ref: 6CC4309D
                                                                                                                • InitializeCriticalSection.KERNEL32(0000000C), ref: 6CC6D96A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CriticalInitializeSection
                                                                                                                • String ID:
                                                                                                                • API String ID: 1185523453-0
                                                                                                                • Opcode ID: 985cbd5c2da659afda536d9a9bc57951118f9f288c8147323d8b5f2b0e8ff65f
                                                                                                                • Instruction ID: 5754a584d937d7aa7cd354809f7509410d649d93b139a5f7067cf093b4614dd1
                                                                                                                • Opcode Fuzzy Hash: 985cbd5c2da659afda536d9a9bc57951118f9f288c8147323d8b5f2b0e8ff65f
                                                                                                                • Instruction Fuzzy Hash: 59614A7590164AEFCF01CF68C584BDEBBB4BF08304F148199E958AB741E774EA19CBA1
                                                                                                                Function 6CC23C8F Relevance: 3.1, APIs: 2, Instructions: 135COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC23C96
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC23A16: __EH_prolog3.LIBCMT ref: 6CC23A1D
                                                                                                                • _wcspbrk.LIBCMT ref: 6CC23DF7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$_wcspbrk
                                                                                                                • String ID:
                                                                                                                • API String ID: 1958752295-0
                                                                                                                • Opcode ID: 012e1a89928a647d4a5b13886487eb161f7293d7e404a7e205564d92f782b773
                                                                                                                • Instruction ID: cf9777cc0f53362536a7c7e9d71276b11bc8ec2749d2404fffca410ed905bb3b
                                                                                                                • Opcode Fuzzy Hash: 012e1a89928a647d4a5b13886487eb161f7293d7e404a7e205564d92f782b773
                                                                                                                • Instruction Fuzzy Hash: AB4175316001099BCB10DFB8C880EEDB7A5EF4431CF188656EA24DBB81FB35DA1D8765
                                                                                                                Function 640F5CD1 Relevance: 3.1, APIs: 2, Instructions: 78windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,?), ref: 640F5D69
                                                                                                                • SendMessageW.USER32(?,-0000190B,?,?), ref: 640F5D90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ItemMessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3015471070-0
                                                                                                                • Opcode ID: b945c982d72327e797d5bd0b7cd17e8b5c32e3425ff96d845d6acc04747bcfdd
                                                                                                                • Instruction ID: 1801e2c5501a0f64f0ab1627d0a879d42598c762afe2cda8782aacd193f68135
                                                                                                                • Opcode Fuzzy Hash: b945c982d72327e797d5bd0b7cd17e8b5c32e3425ff96d845d6acc04747bcfdd
                                                                                                                • Instruction Fuzzy Hash: BF116D3AB07E345BEBB00949ECDCB5E76EA978A340F01C436EC158B56BD720D4838552
                                                                                                                Function 6CC34613 Relevance: 3.1, APIs: 2, Instructions: 59registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC7847A: RegCloseKey.ADVAPI32(?,?,?,6CC3463B,00000034,00000034,00000000), ref: 6CC784BA
                                                                                                                • RegCloseKey.ADVAPI32(?,00000034,00000034,00000034,00000034,00000000,00000000,?,00000034,RegKey,?,RegValueName,00000034,6CC342F8,6CC1A794,025122C8), ref: 6CC3468D
                                                                                                                • RegCloseKey.ADVAPI32(?,00000034,00000034,00000000,00000000,?,00000034,RegKey,?,RegValueName,00000034,6CC342F8,6CC1A794,025122C8), ref: 6CC3469E
                                                                                                                  • Part of subcall function 6CC783D2: RegQueryValueExW.ADVAPI32(00000000,00000034,00000000,00000034,00000034,00000000,?,?,6CC34685,?,?,6CC342F8,00000034,00000034,00000034,00000034), ref: 6CC783F4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$QueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2393043351-0
                                                                                                                • Opcode ID: f6c275926c1989571626ba8c3750cd37ac1ba59e6e77be40f60786c079a0357d
                                                                                                                • Instruction ID: 54fbdb63933d11358c06c19b265ffbe112abd19584231bd44140388cfab78442
                                                                                                                • Opcode Fuzzy Hash: f6c275926c1989571626ba8c3750cd37ac1ba59e6e77be40f60786c079a0357d
                                                                                                                • Instruction Fuzzy Hash: F111D475E00229EFCF11DF9AD90489EBF79EF89708B104056F914A6610E3B59A15DFA0
                                                                                                                Function 6CC53114 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_catch_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 2207867443-0
                                                                                                                • Opcode ID: a8999c00cf69ac491a960204cc171a9c434bb33c293e488fb131a0b0e64d4040
                                                                                                                • Instruction ID: 5cca4e73dfbbf38b1b6040f47934516198c60b594e17f026e1a219e3c39b9c8d
                                                                                                                • Opcode Fuzzy Hash: a8999c00cf69ac491a960204cc171a9c434bb33c293e488fb131a0b0e64d4040
                                                                                                                • Instruction Fuzzy Hash: 7E11D330A05309EFDB00CBB4C6487EEBBB0BF0031DF284559D465ABB91E7758A68C7A5
                                                                                                                Function 640F63D4 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640DE2E1: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 640DE319
                                                                                                                  • Part of subcall function 640DE2E1: FlushInstructionCache.KERNEL32(00000000), ref: 640DE320
                                                                                                                • SetLastError.KERNEL32(0000000E,00000000,?,?,640F44A7,?,?,00000000,50010000,00000000,?,?,641121D0,00000020,?,00000000), ref: 640F63EF
                                                                                                                • CreateWindowExW.USER32(?,?,00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 640F6456
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CacheCreateCurrentErrorFlushInstructionLastProcessWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 852167079-0
                                                                                                                • Opcode ID: 61c629e4b46942cad1fce612b113288abd662305c0eccfd7aa35e4e743185153
                                                                                                                • Instruction ID: 749512b32d1b0406e8d6762f2d900f6d18a01a37d915ce658dbc286006cd89fd
                                                                                                                • Opcode Fuzzy Hash: 61c629e4b46942cad1fce612b113288abd662305c0eccfd7aa35e4e743185153
                                                                                                                • Instruction Fuzzy Hash: 6B115A32200125AFDB419F59CC04BAB3BB5EB89354F058439FD08EB111DB31E862DBA0
                                                                                                                Function 6CC53B2B Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC53B32
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                  • Part of subcall function 6CC54513: __CxxThrowException@8.LIBCMT ref: 6CC545A2
                                                                                                                  • Part of subcall function 6CC28168: GetFileSize.KERNEL32(?,?,?,?,?,6CC53B9F,?,?,00000000,?,?,?,?,00000008,6CC5EC79,?), ref: 6CC28178
                                                                                                                • InitializeCriticalSection.KERNEL32(00000002,?,00000000,00000000,00000002,?,?,00000000,?,?,?,?,00000008,6CC5EC79,?,?), ref: 6CC53BC9
                                                                                                                  • Part of subcall function 6CC280F7: WriteFile.KERNEL32(?,?,?,?,00000000,?,6CC560F1), ref: 6CC2810D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileH_prolog3$CriticalException@8InitializeSectionSizeThrowWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 593797809-0
                                                                                                                • Opcode ID: 1eda19800394d93d3867fae2bb831c5e492f7a02d60aec53c0fe371bc5382ee0
                                                                                                                • Instruction ID: 37035aa05d61d87d731c338d049931b0c292d6a7ab06952097e37509102ed9ce
                                                                                                                • Opcode Fuzzy Hash: 1eda19800394d93d3867fae2bb831c5e492f7a02d60aec53c0fe371bc5382ee0
                                                                                                                • Instruction Fuzzy Hash: 5511937151125AEFDB00CF94CE45FDEBBB8BF04708F408406A540A7A81E774EA29CBB2
                                                                                                                Function 6CC78DCD Relevance: 3.1, APIs: 2, Instructions: 54COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _vswprintf_s_vwprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 2206667278-0
                                                                                                                • Opcode ID: 7db3983e4ef954641e8d17e897b606b54b98e688d88a0d56256eb34e3f985f26
                                                                                                                • Instruction ID: 977be91eb8c583d60df4c0a6bb2d99b0738af0c9ef6bc7e6f4054e71c179f16b
                                                                                                                • Opcode Fuzzy Hash: 7db3983e4ef954641e8d17e897b606b54b98e688d88a0d56256eb34e3f985f26
                                                                                                                • Instruction Fuzzy Hash: 8A01F736100505BACB20DB55DC04D9AB76AEFA0328B20805BE718AFA10FB329565DBB0
                                                                                                                Function 6CC61315 Relevance: 3.1, APIs: 2, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC6131C
                                                                                                                  • Part of subcall function 6CC636BA: GetUserDefaultUILanguage.KERNEL32(025122C8,?,00000000,?,?,?,?,6CC61338,?,00000010,6CC35A14,?,?,?,0000004C,6CC6B498), ref: 6CC636D8
                                                                                                                • _free.LIBCMT ref: 6CC6137B
                                                                                                                  • Part of subcall function 6CC6374B: __EH_prolog3.LIBCMT ref: 6CC63752
                                                                                                                  • Part of subcall function 6CC6374B: PathFileExistsW.SHLWAPI(?,SetupResources.dll,00000000,00000738,00000000,6CC5FA6E,0000000C,6CC63A05,?,6CC1A794,?), ref: 6CC637B7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$DefaultExistsFileLanguagePathUser_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 2326855983-0
                                                                                                                • Opcode ID: a008d206ea68ab36060b06517302569d240d93416e1d3f813613220d3d5d751e
                                                                                                                • Instruction ID: cc04f12b4c8ec00b78096fc070747103a8b6174febb93b5f24e97d28540209ba
                                                                                                                • Opcode Fuzzy Hash: a008d206ea68ab36060b06517302569d240d93416e1d3f813613220d3d5d751e
                                                                                                                • Instruction Fuzzy Hash: DE115BB0C0162A9BCF119FAACA819EFBB74AF04709F154466D86277F00E734D546CBE1
                                                                                                                Function 6CC48CBF Relevance: 3.1, APIs: 2, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC48CC6
                                                                                                                • PathFileExistsW.SHLWAPI(?,?,?,?), ref: 6CC48D2F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExistsFileH_prolog3Path
                                                                                                                • String ID:
                                                                                                                • API String ID: 20096932-0
                                                                                                                • Opcode ID: daa7a183defb2f213fde459197eb7f6102c62e942e76414effca463d84966b26
                                                                                                                • Instruction ID: 65b53f26c6ba54c3a292b72b91c09c1d4767051c41b6d3c5ba6b18ab3c887797
                                                                                                                • Opcode Fuzzy Hash: daa7a183defb2f213fde459197eb7f6102c62e942e76414effca463d84966b26
                                                                                                                • Instruction Fuzzy Hash: 071128716012499FDB10CFACC884E9E7BA0FF15318B50856AE995CB741EB30D914CBA1
                                                                                                                Function 640F0686 Relevance: 3.1, APIs: 2, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F068D
                                                                                                                • __recalloc.LIBCMT ref: 640F06D5
                                                                                                                  • Part of subcall function 640F83CE: __CxxThrowException@8.LIBCMT ref: 640F83E2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8H_prolog3Throw__recalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2968967773-0
                                                                                                                • Opcode ID: 611943752ab3bb608f0c319a58ed81883f71bd8d8fa841097b86c2312a5c714e
                                                                                                                • Instruction ID: 43711670d29ce49dda8ff541b8e2393aac5334ec2e6374224e26864f4a7cd2bb
                                                                                                                • Opcode Fuzzy Hash: 611943752ab3bb608f0c319a58ed81883f71bd8d8fa841097b86c2312a5c714e
                                                                                                                • Instruction Fuzzy Hash: 7C0184766087119BE350CF31CD81B4AB2E6AFD6B48F21883DDD55AB640EB30D943CA40
                                                                                                                Function 6CC78BDC Relevance: 3.1, APIs: 2, Instructions: 51COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memmove_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 800865076-0
                                                                                                                • Opcode ID: 052af3e1cd63b7b32d93e05f0403934d3c10a9d179138d7e1437bd8bf0c64c07
                                                                                                                • Instruction ID: 46b13edf5a0b3b03063efcbe6f65170fca6e257832e9704e090f61f7794af0dc
                                                                                                                • Opcode Fuzzy Hash: 052af3e1cd63b7b32d93e05f0403934d3c10a9d179138d7e1437bd8bf0c64c07
                                                                                                                • Instruction Fuzzy Hash: D601D4B1600104AFC728CF59CCA9CAEB76DEFA4248754016EE705AB700FF71AD04C6B4
                                                                                                                Function 6CC7847A Relevance: 3.0, APIs: 2, Instructions: 38registryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.KERNEL32(00000000,00000034,00000000,00000001,00000000,00000000,00000034,?,?,6CC3463B,00000034,00000034,00000000), ref: 6CC784A9
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,6CC3463B,00000034,00000034,00000000), ref: 6CC784BA
                                                                                                                  • Part of subcall function 6CC78414: GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,6CC7849F,00000000,00000034,00000001,00000000,00000000,00000034,?,?,6CC3463B,00000034,00000034,00000000), ref: 6CC78425
                                                                                                                  • Part of subcall function 6CC78414: GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6CC78435
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressCloseHandleModuleOpenProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 823179699-0
                                                                                                                • Opcode ID: 7ae95270d8c64caadf6d5a38cec1c66cb9fba3ae6a761c04649d510632ec1f75
                                                                                                                • Instruction ID: 2a7eac2b63504e8de24cd1f8a8054e598b20cc77fb1047d64114eacd4d5785c5
                                                                                                                • Opcode Fuzzy Hash: 7ae95270d8c64caadf6d5a38cec1c66cb9fba3ae6a761c04649d510632ec1f75
                                                                                                                • Instruction Fuzzy Hash: 5DF06272601205FFEB158F45CC51F9AB779FF00359F10811AFA15BA940E775DA20DBA0
                                                                                                                Function 6CC5B17C Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __recalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 492097735-0
                                                                                                                • Opcode ID: e2c8d846a4c28b99a7353992369d5d2677406409271000c890a6263dd5b34f6c
                                                                                                                • Instruction ID: f5907cdeae95b3c58720192c2ccc335355ae5d6644a17bdac307efb79a4c8296
                                                                                                                • Opcode Fuzzy Hash: e2c8d846a4c28b99a7353992369d5d2677406409271000c890a6263dd5b34f6c
                                                                                                                • Instruction Fuzzy Hash: FAF05EB1640201AFEF408E65CCD1A62BBA8FF18258B048060EE1DCE70AF631CC24C7A5
                                                                                                                Function 640F29EF Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F29F6
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640DD923: __EH_prolog3.LIBCMT ref: 640DD92A
                                                                                                                  • Part of subcall function 640DD923: PathIsRelativeW.SHLWAPI(00000000,00000000,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DD960
                                                                                                                  • Part of subcall function 640DD923: GetModuleFileNameW.KERNEL32(00000010,00000104,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DD9BA
                                                                                                                  • Part of subcall function 640DD923: PathCombineW.SHLWAPI(?,?,?,00000000,?,00000000,00000008,640EE271,00000000,?,?,00000DF0,?,?), ref: 640DDA0D
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 640F2A33
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Path$CombineFileFreeModuleNameRelativeString
                                                                                                                • String ID:
                                                                                                                • API String ID: 2530041087-0
                                                                                                                • Opcode ID: 3653add9fcb86eaa5d3b2a6ede498d8e47d26b5a5d12d341fa01be648b7abe56
                                                                                                                • Instruction ID: eb5c2b951c5e4a32223d527922efe6070736a5397c915c0d927992debc3bfd07
                                                                                                                • Opcode Fuzzy Hash: 3653add9fcb86eaa5d3b2a6ede498d8e47d26b5a5d12d341fa01be648b7abe56
                                                                                                                • Instruction Fuzzy Hash: 88F0AC71910229BBEF019FA4CD44BAE7BB8FF1471DF408429F914B6150CB359A19DB51
                                                                                                                Function 6CC53AE6 Relevance: 3.0, APIs: 2, Instructions: 25COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • UnloadUserProfile.USERENV(6CC53AE6,6CC1BF34,?,6CC54ABC,6CC1A590,10000000,6CC1A590,80000000,6CC1A590,10000000,6CC1A5D8,6CC1A54C), ref: 6CC53AFB
                                                                                                                • CloseHandle.KERNEL32(6CC53AE6,?,6CC54ABC,6CC1A590,10000000,6CC1A590,80000000,6CC1A590,10000000,6CC1A5D8,6CC1A54C), ref: 6CC53B0D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleProfileUnloadUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2894088246-0
                                                                                                                • Opcode ID: 5b2a42946dfa3b7b7f2d4fa4dc805e208eb68ec4a2e27436e3876f61681b00da
                                                                                                                • Instruction ID: c7b09007dcac2b2db3b099736e99b6010b7f5087b9e7a5f0f13239edc2ea3e42
                                                                                                                • Opcode Fuzzy Hash: 5b2a42946dfa3b7b7f2d4fa4dc805e208eb68ec4a2e27436e3876f61681b00da
                                                                                                                • Instruction Fuzzy Hash: 0DE039317117018BEB248B15D849B23B7E8AF0062AF25880CA0AAC3C40EB75E820CA18
                                                                                                                Function 6CC4516F Relevance: 3.0, APIs: 2, Instructions: 19libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,6CC450F8,00000000,0000000C,6CC46E7F,00000000,?), ref: 6CC4517C
                                                                                                                • LoadLibraryW.KERNEL32(?,?,?,6CC450F8,00000000,0000000C,6CC46E7F,00000000,?), ref: 6CC45194
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$FreeLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 534179979-0
                                                                                                                • Opcode ID: a59c3acd7db84c1f4e669f3785a6323cd8f1b0eca00cb723e51cfa10a260f31a
                                                                                                                • Instruction ID: ab8333f217c0f139dfacc2d1f4b3e7b58299f909de285497ec0b56ed47825ceb
                                                                                                                • Opcode Fuzzy Hash: a59c3acd7db84c1f4e669f3785a6323cd8f1b0eca00cb723e51cfa10a260f31a
                                                                                                                • Instruction Fuzzy Hash: D1E0EC7A7007049BDB209F59D408A87BBFCEB85B15B01C829F95AD7910DB32F425CA94
                                                                                                                Function 6CC54029 Relevance: 3.0, APIs: 2, Instructions: 17COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FlushFileBuffers.KERNEL32(?,?,6CC62CF3), ref: 6CC54035
                                                                                                                • CloseHandle.KERNEL32(?), ref: 6CC5404C
                                                                                                                  • Part of subcall function 6CC789C8: GetLastError.KERNEL32(6CC280E8,6CC2A9FA,?,80000000,00000001,00000003,00000080,00000000,00000000,?,?,?,?,?,00000001), ref: 6CC789C8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: BuffersCloseErrorFileFlushHandleLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 2301079650-0
                                                                                                                • Opcode ID: c9588f1e9a86dccf52e0fe0c8f28d2e3ee0f40fd3891a59d5dda8281aea7ac6e
                                                                                                                • Instruction ID: e24821e0445962496948ad98e69787ed16e09640141a905a8005122d45231c45
                                                                                                                • Opcode Fuzzy Hash: c9588f1e9a86dccf52e0fe0c8f28d2e3ee0f40fd3891a59d5dda8281aea7ac6e
                                                                                                                • Instruction Fuzzy Hash: 97D0C2312003004BDB308F34D409743B2F4FF4031AF120E0CE461D3800E770E4258614
                                                                                                                Function 640DE389 Relevance: 3.0, APIs: 2, Instructions: 12windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetParent.USER32 ref: 640DE390
                                                                                                                • PostMessageW.USER32(00000000,00000470,00000000,?), ref: 640DE3A1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageParentPost
                                                                                                                • String ID:
                                                                                                                • API String ID: 3400216365-0
                                                                                                                • Opcode ID: 10e29fbd7c85f43a8b4709b238aa2ea374ca123d87c7996b38bcd8c87adafbfc
                                                                                                                • Instruction ID: 16d26c81c7d218258ad09d330dcfd17c4d569175002ed15a6b9b3667d31128d9
                                                                                                                • Opcode Fuzzy Hash: 10e29fbd7c85f43a8b4709b238aa2ea374ca123d87c7996b38bcd8c87adafbfc
                                                                                                                • Instruction Fuzzy Hash: 69C01276048208BBDB001EE1DC09F567FAEEB8AB91F048020FB484A4A18E72A4249B58
                                                                                                                Function 00682915 Relevance: 3.0, APIs: 2, Instructions: 8memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 0068291C
                                                                                                                • Run.SETUPENGINE ref: 00682922
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3307402281.0000000000681000.00000020.00000001.01000000.00000008.sdmp, Offset: 00680000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3307235426.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3307587395.0000000000688000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3307696958.000000000068A000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_680000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: HeapInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3918721486-0
                                                                                                                • Opcode ID: 61cd911ee02d4f900c7c806e7cc3142f6de2583ee8890f854d24ad9adeb87ad4
                                                                                                                • Instruction ID: bcdd99261585e8d48b1ba4e8c5ffad4dae2b5c140af5601dc85a60676b853856
                                                                                                                • Opcode Fuzzy Hash: 61cd911ee02d4f900c7c806e7cc3142f6de2583ee8890f854d24ad9adeb87ad4
                                                                                                                • Instruction Fuzzy Hash: 59B092B05201407EEB005B209C0CF36261EE701342F001A11B806C80A4CAA048819620
                                                                                                                Function 6CC584FF Relevance: 2.5, APIs: 2, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,6CC5FA6E,025122C8,?,?,6CC583B3,025122C8,6CC1A794,025122C8,6CC1A794,00000000), ref: 6CC5851E
                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,00000000,6CC5FA6E,025122C8,?,?,6CC583B3,025122C8,6CC1A794,025122C8,6CC1A794), ref: 6CC5853F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 626452242-0
                                                                                                                • Opcode ID: c3435f8a8cdecd925ed20519eaf1571aa253c139b8b9bc58921d768565a18ad4
                                                                                                                • Instruction ID: 8026e2b45a48160c1663c9a1489bc4577f4ae6d2e990b69d9b1878ea078bc127
                                                                                                                • Opcode Fuzzy Hash: c3435f8a8cdecd925ed20519eaf1571aa253c139b8b9bc58921d768565a18ad4
                                                                                                                • Instruction Fuzzy Hash: F4F0F6322441247BDB115A8A8C44EDF7F2DEB96B74F504106F628A75C09A30951187B4
                                                                                                                Function 6CC4878D Relevance: 1.9, APIs: 1, Instructions: 412COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC48797
                                                                                                                  • Part of subcall function 6CC25D3F: __EH_prolog3.LIBCMT ref: 6CC25D46
                                                                                                                  • Part of subcall function 6CC25D3F: GetModuleFileNameW.KERNEL32(6CC00000,00000010,00000104,?,6CC5831D,00000000), ref: 6CC25D93
                                                                                                                  • Part of subcall function 6CC424CD: __EH_prolog3.LIBCMT ref: 6CC424D4
                                                                                                                  • Part of subcall function 6CC424CD: __CxxThrowException@8.LIBCMT ref: 6CC4255B
                                                                                                                  • Part of subcall function 6CC3953C: __EH_prolog3.LIBCMT ref: 6CC39543
                                                                                                                  • Part of subcall function 6CC3953C: PathFileExistsW.SHLWAPI(00000000,?,?,?), ref: 6CC395E6
                                                                                                                  • Part of subcall function 6CC868B5: PMDtoOffset.LIBCMT ref: 6CC86989
                                                                                                                  • Part of subcall function 6CC868B5: std::bad_exception::bad_exception.LIBCMT ref: 6CC869B3
                                                                                                                  • Part of subcall function 6CC868B5: __CxxThrowException@8.LIBCMT ref: 6CC869C1
                                                                                                                  • Part of subcall function 6CC48CBF: __EH_prolog3.LIBCMT ref: 6CC48CC6
                                                                                                                  • Part of subcall function 6CC58E8B: PathCombineW.SHLWAPI(?,6CC5831D,?,75923340,?,6CC27971,00000000,DW\DW20.exe,?,?,6CC5831D,00000000), ref: 6CC58EB8
                                                                                                                  • Part of subcall function 6CC5B369: __EH_prolog3.LIBCMT ref: 6CC5B370
                                                                                                                  • Part of subcall function 6CC5B369: __recalloc.LIBCMT ref: 6CC5B3BB
                                                                                                                  • Part of subcall function 6CC5BC6D: __recalloc.LIBCMT ref: 6CC5BCAB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$Exception@8FilePathThrow__recalloc$CombineExistsModuleNameOffsetstd::bad_exception::bad_exception
                                                                                                                • String ID:
                                                                                                                • API String ID: 1089964648-0
                                                                                                                • Opcode ID: 5d40c3e249df6473e3f2585ca5c7589dbee26d82f0402dccfa74b51d07617c4a
                                                                                                                • Instruction ID: 187d79bebb2c04da9b2e8de5c9929860e97618278a79f341ca31b84e5184b7d6
                                                                                                                • Opcode Fuzzy Hash: 5d40c3e249df6473e3f2585ca5c7589dbee26d82f0402dccfa74b51d07617c4a
                                                                                                                • Instruction Fuzzy Hash: A3F16871D0125AEFCF01DFA8C884ADEBBB5BF05318F148595E814BB741E730AA59CBA1
                                                                                                                Function 6CC57889 Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC57890
                                                                                                                  • Part of subcall function 6CC7C0AA: _malloc.LIBCMT ref: 6CC7C0C4
                                                                                                                  • Part of subcall function 6CC5A226: GetTickCount.KERNEL32 ref: 6CC5A241
                                                                                                                  • Part of subcall function 6CC5A226: GetTickCount.KERNEL32 ref: 6CC5A27C
                                                                                                                  • Part of subcall function 6CC5A226: __time64.LIBCMT ref: 6CC5A282
                                                                                                                  • Part of subcall function 6CC5A226: InitializeCriticalSection.KERNEL32(00000040,?,6CC57905,?), ref: 6CC5A292
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$CriticalH_prolog3InitializeSection__time64_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 349597444-0
                                                                                                                • Opcode ID: 0089b310d478da61ea55b726fcdef69e3e5a0f91df3058ee2c5082048e4c1d12
                                                                                                                • Instruction ID: fe8d94045aee0404629ebc6dfc588cfaf4f79dd4cc051b174b0af127ddb8aa98
                                                                                                                • Opcode Fuzzy Hash: 0089b310d478da61ea55b726fcdef69e3e5a0f91df3058ee2c5082048e4c1d12
                                                                                                                • Instruction Fuzzy Hash: 1E51C974600605DFCB04DF68C898EAD37B0FF49324B1086A9F416EB7A1EB30E925CB60
                                                                                                                Function 6CC359B8 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC359BF
                                                                                                                  • Part of subcall function 6CC356A3: SysFreeString.OLEAUT32(?), ref: 6CC3578A
                                                                                                                  • Part of subcall function 6CC356A3: SysFreeString.OLEAUT32(?), ref: 6CC35799
                                                                                                                  • Part of subcall function 6CC356A3: SysFreeString.OLEAUT32(?), ref: 6CC357C7
                                                                                                                  • Part of subcall function 6CC61315: __EH_prolog3.LIBCMT ref: 6CC6131C
                                                                                                                  • Part of subcall function 6CC61315: _free.LIBCMT ref: 6CC6137B
                                                                                                                  • Part of subcall function 6CC5B17C: __recalloc.LIBCMT ref: 6CC5B18D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeString$H_prolog3$__recalloc_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 2446356840-0
                                                                                                                • Opcode ID: bfad59699c06369dc6b1d84521d1d2fc3a29b275650f62c4c6ab2556bd96376a
                                                                                                                • Instruction ID: 13abee73c7edd1489ab335a292c3a7ca2fcba46a38e321765240d9766c71594a
                                                                                                                • Opcode Fuzzy Hash: bfad59699c06369dc6b1d84521d1d2fc3a29b275650f62c4c6ab2556bd96376a
                                                                                                                • Instruction Fuzzy Hash: A15119B1D0521A9FCB00CFA9D581A9EBBF0FF18304F14855ED459ABB50E7709A49CFA1
                                                                                                                Function 640F5DEE Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 640F5E81
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LongWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1378638983-0
                                                                                                                • Opcode ID: c0e7dae4d2d3bc76023b4fb855a63ed23a7fe16840988df4ad42bc0c1b9c123b
                                                                                                                • Instruction ID: 79f70c1fe5b9a2f850a6b016384fa8b88e0ce66f11cb91f7cda73b6f1d6ae939
                                                                                                                • Opcode Fuzzy Hash: c0e7dae4d2d3bc76023b4fb855a63ed23a7fe16840988df4ad42bc0c1b9c123b
                                                                                                                • Instruction Fuzzy Hash: 2B218D39500714AFCB69CF15C884B8EBBF5EF89310F10852AFC569B252D331E996CB91
                                                                                                                Function 640F3EF9 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Parent
                                                                                                                • String ID:
                                                                                                                • API String ID: 975332729-0
                                                                                                                • Opcode ID: b4cb12b43b8b61d28ca7a564e297d7b324b5caf20babcd82fa311cf738d517b2
                                                                                                                • Instruction ID: 7a78e33449f8cf0abbbe55d19d4af68b1f6227a67d38dd9ef8c34dcd49d3d2d9
                                                                                                                • Opcode Fuzzy Hash: b4cb12b43b8b61d28ca7a564e297d7b324b5caf20babcd82fa311cf738d517b2
                                                                                                                • Instruction Fuzzy Hash: 29118E31354532DFDB849B78CC4472973F9EB9E326B500839E856C7640DB30D80ADB62
                                                                                                                Function 6CC636BA Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6CC666E5: __EH_prolog3.LIBCMT ref: 6CC666EC
                                                                                                                  • Part of subcall function 6CC666E5: GetCommandLineW.KERNEL32(00000024,6CC636CF,00000000,?,?,?,?,6CC61338,?,00000010,6CC35A14,?,?,?,0000004C,6CC6B498), ref: 6CC666F3
                                                                                                                  • Part of subcall function 6CC666E5: GetUserDefaultUILanguage.KERNEL32(00000738,00000000,00000000,?,?,?,6CC61338,?,00000010,6CC35A14,?,?,?,0000004C,6CC6B498,?), ref: 6CC6672F
                                                                                                                  • Part of subcall function 6CC66782: __EH_prolog3.LIBCMT ref: 6CC66789
                                                                                                                  • Part of subcall function 6CC66782: CoInitialize.OLE32(00000000), ref: 6CC667DD
                                                                                                                  • Part of subcall function 6CC66782: CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,6CC5FA6E,?,?,?,UiInfo.xml,?,00000000,00000044,6CC636D8,025122C8,?,00000000), ref: 6CC667FB
                                                                                                                • GetUserDefaultUILanguage.KERNEL32(025122C8,?,00000000,?,?,?,?,6CC61338,?,00000010,6CC35A14,?,?,?,0000004C,6CC6B498), ref: 6CC636D8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DefaultH_prolog3LanguageUser$CommandCreateInitializeInstanceLine
                                                                                                                • String ID:
                                                                                                                • API String ID: 4049621043-0
                                                                                                                • Opcode ID: a4c2f5a182e218d02f866e265524bcd154196507ce2f29c76a499df2775069a0
                                                                                                                • Instruction ID: faebdb16981daaa5ba8ecc446de98fb2706cb69312cc931701d8d373638f1caa
                                                                                                                • Opcode Fuzzy Hash: a4c2f5a182e218d02f866e265524bcd154196507ce2f29c76a499df2775069a0
                                                                                                                • Instruction Fuzzy Hash: 5F01AD716046415BE3108E7BCAC089AB795EF85278B68832DE5B587FE0FB30E8058B95
                                                                                                                Function 640EBC2B Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetWindowLongW.USER32(?,000000FC,?), ref: 640EBC91
                                                                                                                  • Part of subcall function 640DE7D4: GetThreadLocale.KERNEL32(?,?,640DEB27), ref: 640DE7DE
                                                                                                                  • Part of subcall function 640DE7D4: GetThreadLocale.KERNEL32(?,?,640DEB27), ref: 640DE7ED
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LocaleThread$LongWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2581572359-0
                                                                                                                • Opcode ID: c60088a7dc0a2ac83b13b5896506d4844acd6d859dd355de5363d75474ed7ca1
                                                                                                                • Instruction ID: 9f0bbf33c853e1468e69caea2d960c1ebfcf8f2ccac6204ff8b6fa335538034a
                                                                                                                • Opcode Fuzzy Hash: c60088a7dc0a2ac83b13b5896506d4844acd6d859dd355de5363d75474ed7ca1
                                                                                                                • Instruction Fuzzy Hash: A601C4316183259FDB20DF22C985B7A7BF8EF41318B01C439E82997250DF30E456CB91
                                                                                                                Function 6CC2BE52 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 27c582af2df05e2aff09b5d086a41262eb678ca1211792dede2725230fc67e46
                                                                                                                • Instruction ID: 62e90a9bb2fdd3d749152dc56d4c6ef2d3491ac511dcfe72c5aac81fcca48e42
                                                                                                                • Opcode Fuzzy Hash: 27c582af2df05e2aff09b5d086a41262eb678ca1211792dede2725230fc67e46
                                                                                                                • Instruction Fuzzy Hash: 8211AD70A01618EFCB00DFA8C88099DBBB9BF08B18B20C159F41ADF790D734DA05CBA0
                                                                                                                Function 640EF024 Relevance: 1.5, APIs: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FindResourceW.KERNEL32(?,?,00000006,64112F8C,00000000,?,640EF018,00000000,?,00000000,?,?,?,?,?,640EE923), ref: 640EF03D
                                                                                                                  • Part of subcall function 640F7A10: LoadResource.KERNEL32(?,?,?,?,640EF053,?,00000000,?,640EF018,00000000,?,00000000,?,?), ref: 640F7A1E
                                                                                                                  • Part of subcall function 640F7A10: LockResource.KERNEL32(00000000,64112F8C,?,640EF053,?,00000000,?,640EF018,00000000,?,00000000,?,?), ref: 640F7A2A
                                                                                                                  • Part of subcall function 640F7A10: SizeofResource.KERNEL32(?,?,?,640EF053,?,00000000,?,640EF018,00000000,?,00000000,?,?), ref: 640F7A3C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                                                • String ID:
                                                                                                                • API String ID: 3473537107-0
                                                                                                                • Opcode ID: 2f85db84022ce421152e9df9f8ace881e745faa1d547da235a64a92ffc52622d
                                                                                                                • Instruction ID: 0bd9427fa24e239ebef57efcb9c15cd64afc686fe67e4efa50a87cd8370c72e7
                                                                                                                • Opcode Fuzzy Hash: 2f85db84022ce421152e9df9f8ace881e745faa1d547da235a64a92ffc52622d
                                                                                                                • Instruction Fuzzy Hash: 7BF062327041657BA7605A2A9C80E7B77DDDBC56A8B504131FD59D7140EB35CD228770
                                                                                                                Function 640F81DE Relevance: 1.5, APIs: 1, Instructions: 46COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 2001391462-0
                                                                                                                • Opcode ID: b898fa4d53f8991dd7e121ca56a6c2b38016f6bb2b03f7fb3238143eedfce1e4
                                                                                                                • Instruction ID: 9b0d1f05eeb14f6e5f95abcc7d094b1ced7f46415a3b99c33facbd7922ceeb7c
                                                                                                                • Opcode Fuzzy Hash: b898fa4d53f8991dd7e121ca56a6c2b38016f6bb2b03f7fb3238143eedfce1e4
                                                                                                                • Instruction Fuzzy Hash: BC011A76600614AFD710DF99C884D9AB7B8FF49358710456AF9158B311D770ED05CBA0
                                                                                                                Function 6CC78C9E Relevance: 1.5, APIs: 1, Instructions: 46COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 2001391462-0
                                                                                                                • Opcode ID: 418c8faa8bb17f4116f65aeaec1898627a1780b09b30d3fe84bd4296820e32b2
                                                                                                                • Instruction ID: ef8fa3d68ac2c0e65e163b52fabb269e41fa3c64f9b0f5db113cfb4e05408d5a
                                                                                                                • Opcode Fuzzy Hash: 418c8faa8bb17f4116f65aeaec1898627a1780b09b30d3fe84bd4296820e32b2
                                                                                                                • Instruction Fuzzy Hash: A1015A76601208AFC721DF98C884C9AB7B9FF89354711456AF915DB310E770ED04CB70
                                                                                                                Function 640E698A Relevance: 1.5, APIs: 1, Instructions: 34fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • ReadFile.KERNELBASE(?,00000000,?,00000000,00000000), ref: 640E69B3
                                                                                                                  • Part of subcall function 640F7F08: GetLastError.KERNEL32(640F7B0B,?,?,?,00000000), ref: 640F7F08
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1948546556-0
                                                                                                                • Opcode ID: b27a5dbf1b565f0dfcd57e18f68cddbcd36fca0634436939effc9ea290c72422
                                                                                                                • Instruction ID: aa52d51e8a09f0ff6d55a7a9015af11a84fde229fe20ee7e201023d1115030b2
                                                                                                                • Opcode Fuzzy Hash: b27a5dbf1b565f0dfcd57e18f68cddbcd36fca0634436939effc9ea290c72422
                                                                                                                • Instruction Fuzzy Hash: CFF0B435210229EFDB04CF54D904BAE37B8EB45318F40552CBA11DB290DB78DA24DF11
                                                                                                                Function 6CC2A1FF Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_catch
                                                                                                                • String ID:
                                                                                                                • API String ID: 3886170330-0
                                                                                                                • Opcode ID: 0a7cfde8dce30fb4241dc153dd12b3ca324097a0858af6954be0c5b99d2f08ce
                                                                                                                • Instruction ID: d37511ff56e303b62e6820f3f8657009de0cdeeb31c4442928420309505b6be9
                                                                                                                • Opcode Fuzzy Hash: 0a7cfde8dce30fb4241dc153dd12b3ca324097a0858af6954be0c5b99d2f08ce
                                                                                                                • Instruction Fuzzy Hash: 39F06270A11705EFDB14CF68C905B8D3F65BF89354F208158B858DB390DB75DA01CB50
                                                                                                                Function 640F7F22 Relevance: 1.5, APIs: 1, Instructions: 32fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00002100,00000002,00000000,640F7BC3,C0000000,?,00000000,?,?,640F7BC3,?,C0000000,00000000,00000002,00002100,?), ref: 640F7F5C
                                                                                                                  • Part of subcall function 640F7E95: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,640F7F46,00002100,00000002,00000000,640F7BC3,C0000000,?,?,?,640F7BC3,?,C0000000,00000000), ref: 640F7EA6
                                                                                                                  • Part of subcall function 640F7E95: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 640F7EB6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressCreateFileHandleModuleProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2580138172-0
                                                                                                                • Opcode ID: 1dea3af1f0e76db843f1149855b8050f2267baa78645c830fcc4118e1834f743
                                                                                                                • Instruction ID: d29503d6b31d6883d65e24d3eb4673883fc0f6cf5c849f59a86108f5192ecf52
                                                                                                                • Opcode Fuzzy Hash: 1dea3af1f0e76db843f1149855b8050f2267baa78645c830fcc4118e1834f743
                                                                                                                • Instruction Fuzzy Hash: C5F0AF3250416ABBCF42AEA4DC00ACA7F66EF09360F008121FE24561A0C7329876BB92
                                                                                                                Function 6CC2809D Relevance: 1.5, APIs: 1, Instructions: 32fileCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,?,?,00000000,?,00000000,00000001,?,6CC2A9FA,?,80000000,00000001,00000003,00000080,00000000), ref: 6CC280D7
                                                                                                                  • Part of subcall function 6CC789E2: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6CC280C1,?,?,?,?,00000000,?,00000001,?,6CC2A9FA,?,80000000,00000001), ref: 6CC789F3
                                                                                                                  • Part of subcall function 6CC789E2: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 6CC78A03
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressCreateFileHandleModuleProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2580138172-0
                                                                                                                • Opcode ID: ff7d261d8ac9826db04e91f584539674b3151d4fe36ef2c52d831ab5ccb58757
                                                                                                                • Instruction ID: 0e833d777175962e33d564236f4a91d96acaa7837058dcb20f5b642408872e03
                                                                                                                • Opcode Fuzzy Hash: ff7d261d8ac9826db04e91f584539674b3151d4fe36ef2c52d831ab5ccb58757
                                                                                                                • Instruction Fuzzy Hash: D4F0AF3310011ABBCF125EA5DC01DCABF26FF19324F158116FA2466960E336D572EBA1
                                                                                                                Function 6CC74C0C Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 1dc27bde47576115cf7658d6a314fe806fa5f64e4aa60ded8f3b50fbfa11c4eb
                                                                                                                • Instruction ID: 414f69aa8cf64867af81810453cfbe90fe312607606b0c95943212169eb54494
                                                                                                                • Opcode Fuzzy Hash: 1dc27bde47576115cf7658d6a314fe806fa5f64e4aa60ded8f3b50fbfa11c4eb
                                                                                                                • Instruction Fuzzy Hash: 6F01EFB5600B01AFD721CF25C481B6ABBF1FF08704F008A1DE8998BB50D334E9549FA0
                                                                                                                Function 6CC29E49 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_catch
                                                                                                                • String ID:
                                                                                                                • API String ID: 3886170330-0
                                                                                                                • Opcode ID: 7d3b8acb883066039fe87947f2db933805318c257d0d9ef36a5f3077de116842
                                                                                                                • Instruction ID: ae1bf82bbfc85a22dd7bf9f152f52682c21137bb045a807100c9d40860445c61
                                                                                                                • Opcode Fuzzy Hash: 7d3b8acb883066039fe87947f2db933805318c257d0d9ef36a5f3077de116842
                                                                                                                • Instruction Fuzzy Hash: 2AF06D30601209EFDB10CF68C905B9E3BA0AF45368F248158B805EF380DB35EE00CBA1
                                                                                                                Function 6CC72306 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 16539ab84cc991e865e132ff669dd427cc76f2464b18bb6f54a0b1f3acac92aa
                                                                                                                • Instruction ID: 9f82474485ed74d97d793fca0d31dd6a590748c9384314257d3539ee1e832363
                                                                                                                • Opcode Fuzzy Hash: 16539ab84cc991e865e132ff669dd427cc76f2464b18bb6f54a0b1f3acac92aa
                                                                                                                • Instruction Fuzzy Hash: 1E01EFB5600B01AFD721CF25C441B6ABBF1FF08704F108A1DE8998BB50D334E9149FA4
                                                                                                                Function 640E507E Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E5085
                                                                                                                  • Part of subcall function 640E2661: __EH_prolog3.LIBCMT ref: 640E2668
                                                                                                                  • Part of subcall function 640E2996: __EH_prolog3.LIBCMT ref: 640E299D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: f6b151ef15ec93f0d51c4fa138d3f36f69db6f0da4c1a9b934d81ed5bfcc3c2c
                                                                                                                • Instruction ID: 88deb0758556718ef5ae2a618d6e7516e0d49c44af7a22205701dac7d2a0eea5
                                                                                                                • Opcode Fuzzy Hash: f6b151ef15ec93f0d51c4fa138d3f36f69db6f0da4c1a9b934d81ed5bfcc3c2c
                                                                                                                • Instruction Fuzzy Hash: 4CF01D76000609DFDB11CF59C980BDAB7F4BF14718F00C55EE95A9B241DB30EA65CBA5
                                                                                                                Function 6CC553E5 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 12d81cfd6b1814c029e4ce5e08c30956ce3c37dad896410b338a6836f6029635
                                                                                                                • Instruction ID: 68d8305b167a18ad3c11d29a1ea7250fdace91e709cfc14efdf5bdc4c5ac5dcf
                                                                                                                • Opcode Fuzzy Hash: 12d81cfd6b1814c029e4ce5e08c30956ce3c37dad896410b338a6836f6029635
                                                                                                                • Instruction Fuzzy Hash: 00F0E2319011499ECF11CBB4C5107EDBB216F1130DF90805084547BBA0E735A67DE765
                                                                                                                Function 6CC27C6E Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC27C75
                                                                                                                  • Part of subcall function 6CC27CE8: __EH_prolog3.LIBCMT ref: 6CC27CEF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 1a18231a28fefa1dd08769e9b61b473662e4cc59bb80a6749654590098221fbc
                                                                                                                • Instruction ID: 5cc65d81f3950dab5915c15db76557542cfd99a00b129353520709e10632304d
                                                                                                                • Opcode Fuzzy Hash: 1a18231a28fefa1dd08769e9b61b473662e4cc59bb80a6749654590098221fbc
                                                                                                                • Instruction Fuzzy Hash: 34F01274705A029BD748CF3488517D9F691BF48308F51412E911DE7741E7306419CBD4
                                                                                                                Function 640F7E56 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(?,?,00000006,?,?,?,?,640DDAC1,?,00000000,00000000,00000002,?,80000000,00000001,00000003), ref: 640F7E76
                                                                                                                  • Part of subcall function 640F7F08: GetLastError.KERNEL32(640F7B0B,?,?,?,00000000), ref: 640F7F08
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 2976181284-0
                                                                                                                • Opcode ID: 8e6428755c965a5de0decfa48fafd108248ef076a4b1c5822b0fa3e5b9db9bc3
                                                                                                                • Instruction ID: 2211b6d1b8e2ce6cb00bbd5bfaadbbe878a15146224e127403fe7135760c986e
                                                                                                                • Opcode Fuzzy Hash: 8e6428755c965a5de0decfa48fafd108248ef076a4b1c5822b0fa3e5b9db9bc3
                                                                                                                • Instruction Fuzzy Hash: 70E09A71600208BF9B44DFA4CC40E8E7BF9EB09324B10422AFD25C3290EB70EE14DB22
                                                                                                                Function 640E77A9 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 640E77CF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: 78281942a8a0611968b1cb7ab831a9a61fa24e28853e2f0669cbf099832d4db8
                                                                                                                • Instruction ID: a807a5ad060c4ef7e9e77e8c5af57767b24a2b35cf523879f1d30b19b111aa35
                                                                                                                • Opcode Fuzzy Hash: 78281942a8a0611968b1cb7ab831a9a61fa24e28853e2f0669cbf099832d4db8
                                                                                                                • Instruction Fuzzy Hash: 16E01A306406109FD7209F21ED49F2ABBA6FF86B15F104569F59A9B5A5CB31E841DA00
                                                                                                                Function 640DB93E Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640DB945
                                                                                                                  • Part of subcall function 640F830D: _vwprintf.LIBCMT ref: 640F8353
                                                                                                                  • Part of subcall function 640F830D: _vswprintf_s.LIBCMT ref: 640F8378
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_vswprintf_s_vwprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 3682816334-0
                                                                                                                • Opcode ID: fd7cca419d7f016861c493beb60c8912cb114fc2ecea7fcfab98dd68e132a6fa
                                                                                                                • Instruction ID: 0b1b3f26fda4304a62151ef2ec9c0cf588ebd6edfef105ec0ac1c35f7fbbbb41
                                                                                                                • Opcode Fuzzy Hash: fd7cca419d7f016861c493beb60c8912cb114fc2ecea7fcfab98dd68e132a6fa
                                                                                                                • Instruction Fuzzy Hash: 65F01C7560011ADFDF00DFA1C884AEDB7B5FF40B1CF418428E924AB251DB74DA56CB51
                                                                                                                Function 6CC239AD Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC239B4
                                                                                                                  • Part of subcall function 6CC78DCD: _vwprintf.LIBCMT ref: 6CC78E13
                                                                                                                  • Part of subcall function 6CC78DCD: _vswprintf_s.LIBCMT ref: 6CC78E38
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_vswprintf_s_vwprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 3682816334-0
                                                                                                                • Opcode ID: e1d881aa9b9e3465fdb6d830abbb8c8c14f163f3be04074704c802823d12fca4
                                                                                                                • Instruction ID: 0d653da4ad2a867535cebfc3a830e94ae330dd4dda3e8c0a0090304d5dd71ad0
                                                                                                                • Opcode Fuzzy Hash: e1d881aa9b9e3465fdb6d830abbb8c8c14f163f3be04074704c802823d12fca4
                                                                                                                • Instruction Fuzzy Hash: FAF0F23062014A9BCB00DFA4C808EAEBBB6FF40318F048819E9509B650EB30DA19CBA1
                                                                                                                Function 6CC28129 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000000,?,?,?,6CC2AA3A,?,00000000,00000000,00000002,?,80000000,00000001,00000003), ref: 6CC28149
                                                                                                                  • Part of subcall function 6CC789C8: GetLastError.KERNEL32(6CC280E8,6CC2A9FA,?,80000000,00000001,00000003,00000080,00000000,00000000,?,?,?,?,?,00000001), ref: 6CC789C8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 2976181284-0
                                                                                                                • Opcode ID: c01a9fec447f87f4b9fab42a865e5c42ec8219d844c13d11d6f42c96d7feff4a
                                                                                                                • Instruction ID: ac38076f01e8df80c22d42fa185da92710787d8b75c6e35e948703166303a049
                                                                                                                • Opcode Fuzzy Hash: c01a9fec447f87f4b9fab42a865e5c42ec8219d844c13d11d6f42c96d7feff4a
                                                                                                                • Instruction Fuzzy Hash: 32E09A72600108BF8B04CFA8C840C8E7BB8EB09324B10461AF925D32C0EB70EA00EB60
                                                                                                                Function 6CC2395E Relevance: 1.5, APIs: 1, Instructions: 22COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC23965
                                                                                                                  • Part of subcall function 6CC58C24: __EH_prolog3.LIBCMT ref: 6CC58C2B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: d039d17912a9c901f7e316f69a0e0d86e80ae1343eecf6d3fd2b4859b57009c5
                                                                                                                • Instruction ID: 3bb407c4281790a7d00c5c4b80ae06673bb2cc40e87a6d1c19efc1982164fafe
                                                                                                                • Opcode Fuzzy Hash: d039d17912a9c901f7e316f69a0e0d86e80ae1343eecf6d3fd2b4859b57009c5
                                                                                                                • Instruction Fuzzy Hash: 08F0397151150AEFCB10DBB8C904B9EBB62FF0031CF108645E2109BB91EB31E928DB65
                                                                                                                Function 6CC2391D Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC23924
                                                                                                                  • Part of subcall function 6CC5833E: __EH_prolog3.LIBCMT ref: 6CC58345
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: acc525f90a805933b39dcf739c6d5649ed3e53d1bef5e1ade7554200851aab42
                                                                                                                • Instruction ID: 2a86e6d46a9f9963e18aea3155e8a48318fda2a1632802ea950d29f9eaeacc79
                                                                                                                • Opcode Fuzzy Hash: acc525f90a805933b39dcf739c6d5649ed3e53d1bef5e1ade7554200851aab42
                                                                                                                • Instruction Fuzzy Hash: FBE01239612609EFCB01CF58C940B9EBBA1FF08318F00C005FA599BB60D730EA24EB51
                                                                                                                Function 6CC280F7 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000,?,6CC560F1), ref: 6CC2810D
                                                                                                                  • Part of subcall function 6CC789C8: GetLastError.KERNEL32(6CC280E8,6CC2A9FA,?,80000000,00000001,00000003,00000080,00000000,00000000,?,?,?,?,?,00000001), ref: 6CC789C8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 442123175-0
                                                                                                                • Opcode ID: 9065bbf6cd6971f192a1cef9ab379c4228269dd0f7cc8e56b212406013015c07
                                                                                                                • Instruction ID: 314a9b2e7fa901049375ce1a731ef00463d7859b8e73692cc06a15ffe95ae544
                                                                                                                • Opcode Fuzzy Hash: 9065bbf6cd6971f192a1cef9ab379c4228269dd0f7cc8e56b212406013015c07
                                                                                                                • Instruction Fuzzy Hash: D1D01732204208BFDB018EA6CC01E9A7BBDFB45314F004026FA14C6550EB72D420DB62
                                                                                                                Function 6CC58380 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 6CC58387
                                                                                                                  • Part of subcall function 6CC584FF: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,6CC5FA6E,025122C8,?,?,6CC583B3,025122C8,6CC1A794,025122C8,6CC1A794,00000000), ref: 6CC5851E
                                                                                                                  • Part of subcall function 6CC584FF: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,00000000,6CC5FA6E,025122C8,?,?,6CC583B3,025122C8,6CC1A794,025122C8,6CC1A794), ref: 6CC5853F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 692526729-0
                                                                                                                • Opcode ID: 1bdee2b27be42012ca812788bc236d4f5e25ca1ba2da3d90bc9b49ee57e7e025
                                                                                                                • Instruction ID: d7e32777f216db4047d0a9605d9e5de1b272c15429dbb087ef8a6f8be797e6b3
                                                                                                                • Opcode Fuzzy Hash: 1bdee2b27be42012ca812788bc236d4f5e25ca1ba2da3d90bc9b49ee57e7e025
                                                                                                                • Instruction Fuzzy Hash: 9DE0123515151467DB026F548911FCE37115F0175DF448005E9406FB40EB358A3957AA
                                                                                                                Function 6CC5833E Relevance: 1.5, APIs: 1, Instructions: 18COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 94823fb4115fe9af07f24d6eaa4499843c98662d0749ea53b9983d47d9452a43
                                                                                                                • Instruction ID: 2ae7557894fde1c2a9c80d819d8790b5d6477aba7d9a6f8d689f7e4bd3630820
                                                                                                                • Opcode Fuzzy Hash: 94823fb4115fe9af07f24d6eaa4499843c98662d0749ea53b9983d47d9452a43
                                                                                                                • Instruction Fuzzy Hash: 77E0123511251467DF116B608911FCE37119F0175DF04C001E9407FB50E735CA3957BA
                                                                                                                Function 640DFF14 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 640DFF21
                                                                                                                  • Part of subcall function 640E007B: SetWindowPos.USER32(?,?,00000000,00000000,00000000,00000000,00000003,?,?), ref: 640E00A9
                                                                                                                  • Part of subcall function 640E007B: SetWindowPos.USER32(0000000C,?,00000000,00000000,00000000,00000000,00000003,?,?), ref: 640E00E6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ChildEnumWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 1604351572-0
                                                                                                                • Opcode ID: 7bdefb5c0af669c7a63828a7a37c0eaf5e4df4cfe4fb8d27bb2432b25bc39b66
                                                                                                                • Instruction ID: a836816fc8be82ce3a8f9c8f620f907b06b90b17871e772e513a3e0ea7bd94d7
                                                                                                                • Opcode Fuzzy Hash: 7bdefb5c0af669c7a63828a7a37c0eaf5e4df4cfe4fb8d27bb2432b25bc39b66
                                                                                                                • Instruction Fuzzy Hash: F3C04C3601A5307BA6353F75A808EAF2D9FEE872AC3194056F544960144E154C569AE5
                                                                                                                Function 6CC854F2 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 6CC85505
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                • Opcode ID: bba1eaedf8d6d417a7265b0178a33c049a1d99dfda54a52735d6b27c16b1f4d9
                                                                                                                • Instruction ID: 5e47f71214b792a8160c28cea1de00c35bf8c6a4a1a774ca9017ee1b5fe2883f
                                                                                                                • Opcode Fuzzy Hash: bba1eaedf8d6d417a7265b0178a33c049a1d99dfda54a52735d6b27c16b1f4d9
                                                                                                                • Instruction Fuzzy Hash: DCC08C32101208FBDB124E80CC09F9ABF7AEB80768F24C028B61D088A0C7B3D5A1DA84
                                                                                                                Function 6CC591AF Relevance: 1.5, APIs: 1, Instructions: 11comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CoCreateInstance.OLE32(6CC1A974,00000000,00000017,6CC1A9A4,?,?,6CC2B029,?,0000002C,6CC6D55B,?,?,?,?,00000001), ref: 6CC591C5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateInstance
                                                                                                                • String ID:
                                                                                                                • API String ID: 542301482-0
                                                                                                                • Opcode ID: 683d7da1c64f6b9b91e7b4c7678bbb6083efcbe8e726f2570c4bbfe3d47ebe98
                                                                                                                • Instruction ID: 881a4a68b396eed61374ce9fb34c759d3be32ba884440b89d2aff27bcd7b5d2f
                                                                                                                • Opcode Fuzzy Hash: 683d7da1c64f6b9b91e7b4c7678bbb6083efcbe8e726f2570c4bbfe3d47ebe98
                                                                                                                • Instruction Fuzzy Hash: A6C02B3228820CBBC71015C3DC05FA5FE38C7C4718F024001B30818C8356729450B969
                                                                                                                Function 6CC854D6 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6CC854E3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: 3ecad604fcf8f2fef16ad70d6c498b350bc8da4f112e4d5598b405bce251fb91
                                                                                                                • Instruction ID: f72cf46e9dd46b193ae5cd9ceda547fb7cab43e4368515af24bd5b005b7cc205
                                                                                                                • Opcode Fuzzy Hash: 3ecad604fcf8f2fef16ad70d6c498b350bc8da4f112e4d5598b405bce251fb91
                                                                                                                • Instruction Fuzzy Hash: EBC09B36140108BBCB111A45DC05F45FF79D795755F15C055F608054528773D421D694
                                                                                                                Function 6CC2C53D Relevance: 1.3, APIs: 1, Instructions: 58COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,6CC5A320,9B5DCFA9,?,?), ref: 6CC2C55E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1452528299-0
                                                                                                                • Opcode ID: 729a3e6d9a836baf2ac5baeb68cf18971120879157ca461496eac2cbd3f18c0d
                                                                                                                • Instruction ID: 12a791b7b3ac9766fc16d78a3f3362db34a1c3bc6a22901cc117c5114a247fae
                                                                                                                • Opcode Fuzzy Hash: 729a3e6d9a836baf2ac5baeb68cf18971120879157ca461496eac2cbd3f18c0d
                                                                                                                • Instruction Fuzzy Hash: BD118272741301AFF724DF25D916B26BBF4EB00714F10853EE246DA9D0EB78E5049B54
                                                                                                                Function 6CC80EDA Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • HeapAlloc.KERNEL32(00000008,?,00000000,?,6CC7D777,6CC7C0C9,?,00000000,00000000,00000000,?,6CC7D37E,00000001,00000214,?,6CC5831D), ref: 6CC80F1D
                                                                                                                  • Part of subcall function 6CC7BD29: __getptd_noexit.LIBCMT ref: 6CC7BD29
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3318210342.000000006CC01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CC00000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318104940.000000006CC00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318514941.000000006CCAE000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318615699.000000006CCAF000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318724380.000000006CCB7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318832921.000000006CCBA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6cc00000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocHeap__getptd_noexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 117620836-0
                                                                                                                • Opcode ID: ea92cb15e16dbae506035977892a54fb601a022f895d290fc1c602077bba8756
                                                                                                                • Instruction ID: 2575d8cbdb7b1dcf20cbc50cea69ae1c52dd18cda7b1e1e938e6e557716455bb
                                                                                                                • Opcode Fuzzy Hash: ea92cb15e16dbae506035977892a54fb601a022f895d290fc1c602077bba8756
                                                                                                                • Instruction Fuzzy Hash: 3101B1313076959FEB198F66D914B5B3BA4AF8236DF11C669F829DA980E770D400C750
                                                                                                                Function 64101C56 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • HeapAlloc.KERNEL32(?,00000000,?), ref: 64101C63
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 4292702814-0
                                                                                                                • Opcode ID: 42fec8e047810b8a5689a0af7fb10ddf66771474a6f52089f9eeb05b8dd1602f
                                                                                                                • Instruction ID: 457ce75976044267a39104cdbdd80103fb6e74e740f500880223e59973b052fd
                                                                                                                • Opcode Fuzzy Hash: 42fec8e047810b8a5689a0af7fb10ddf66771474a6f52089f9eeb05b8dd1602f
                                                                                                                • Instruction Fuzzy Hash: DDC09B36044108B7CB111E81DC05F45BF6AE7D5750F148021F608090518B73D421D7D4

                                                                                                                Non-executed Functions

                                                                                                                Function 6E334281 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 270filethreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E3342CF
                                                                                                                  • Part of subcall function 6E33443B: LoadLibraryW.KERNEL32(SensApi.dll,00000000,?), ref: 6E334452
                                                                                                                  • Part of subcall function 6E33443B: GetProcAddress.KERNEL32(00000000,IsNetworkAlive), ref: 6E334468
                                                                                                                  • Part of subcall function 6E33443B: FreeLibrary.KERNEL32(00000000), ref: 6E33447F
                                                                                                                  • Part of subcall function 6E333E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6E333E94
                                                                                                                  • Part of subcall function 6E333E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6E333EB0
                                                                                                                  • Part of subcall function 6E333E29: RegCloseKey.ADVAPI32(00000000), ref: 6E333ECE
                                                                                                                • EnterCriticalSection.KERNEL32(00000030,?,00000104,?,80000002,Software\Microsoft\SQMClient,DoNotDeleteFileAfterUpload,?,00000000,?,6E350168), ref: 6E33434C
                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,6E350168), ref: 6E334392
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,6E350168), ref: 6E3343CD
                                                                                                                • ctype.LIBCPMT ref: 6E3343F5
                                                                                                                • FindNextFileW.KERNEL32(?,00000010,?,6E350168), ref: 6E33B9A3
                                                                                                                • FindClose.KERNEL32(?,?,6E350168), ref: 6E33B9BD
                                                                                                                • ResetEvent.KERNEL32(?,?,6E350168), ref: 6E33B9DD
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,6E33BC8D,00000000,00000000,00000054), ref: 6E33B9FB
                                                                                                                  • Part of subcall function 6E33B850: realloc.MSVCRT ref: 6E33B88E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Find$CloseCriticalFileLibrarySection$AddressCreateEnterEventFirstFreeLeaveLoadNextOpenProcQueryResetThreadValuectypememsetrealloc
                                                                                                                • String ID: DoNotDeleteFileAfterUpload$Software\Microsoft\SQMClient$W
                                                                                                                • API String ID: 746345222-799691104
                                                                                                                • Opcode ID: dcc24ace0b84ee1658dc52448e96e0c540d620ee5c66f87dc5a071e08226bc6d
                                                                                                                • Instruction ID: 6c8e9b45f707800dc9a81e91a29a1e0657dcec7d330362035168a8b0c9ac92d2
                                                                                                                • Opcode Fuzzy Hash: dcc24ace0b84ee1658dc52448e96e0c540d620ee5c66f87dc5a071e08226bc6d
                                                                                                                • Instruction Fuzzy Hash: C2B18FB05006A9DFCB908FA4CC84F99B7B9BF05308F2045A9E658DB261E732DD95CF51
                                                                                                                Function 6E348097 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 166fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E3480D6
                                                                                                                • memset.MSVCRT ref: 6E3480EF
                                                                                                                  • Part of subcall function 6E3318E5: _vsnwprintf.MSVCRT ref: 6E331913
                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,1000FFFF,00000000), ref: 6E3481D8
                                                                                                                  • Part of subcall function 6E3499F8: EtwTraceMessage.NTDLL ref: 6E349A13
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$FileFindFirstMessageTrace_vsnwprintf
                                                                                                                • String ID: %s\%s$W
                                                                                                                • API String ID: 675349215-3036690452
                                                                                                                • Opcode ID: 94225bee3f6a8963e56c9accab520232de17f4e74742b4d2aa9dd70c6e4c96de
                                                                                                                • Instruction ID: 225e4b19e03ec51a4db44d0e49b0130b85d24856f1ed88f1d390cca092a33806
                                                                                                                • Opcode Fuzzy Hash: 94225bee3f6a8963e56c9accab520232de17f4e74742b4d2aa9dd70c6e4c96de
                                                                                                                • Instruction Fuzzy Hash: 0D51A0B0800659EFDB508F94CC84F9A7BF9AF05308F5000D5F615AB292E372DA88CF95
                                                                                                                Function 640F681A Relevance: 10.5, APIs: 7, Instructions: 34windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F6821
                                                                                                                • GetLastError.KERNEL32(00000008,640F50A0,?,00000000,00000000,?,?,640E8DC8,?,%1!I64u!,?,?), ref: 640F6834
                                                                                                                • SetLastError.KERNEL32(00000000,?,640E8DC8,?,%1!I64u!,?,?), ref: 640F6840
                                                                                                                • FormatMessageW.KERNEL32(00000500,00000000,00000000,00000000,74402FA0,00000000,74402FA0,?,640E8DC8,?,%1!I64u!,?,?), ref: 640F6854
                                                                                                                • GetLastError.KERNEL32(?,640E8DC8,?,%1!I64u!,?,?), ref: 640F685A
                                                                                                                • SetLastError.KERNEL32(?,?,640E8DC8,?,%1!I64u!,?,?), ref: 640F6868
                                                                                                                • LocalFree.KERNEL32(74402FA0,?,74402FA0,?,640E8DC8,?,%1!I64u!,?,?), ref: 640F6878
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$FormatFreeH_prolog3LocalMessage
                                                                                                                • String ID:
                                                                                                                • API String ID: 69132360-0
                                                                                                                • Opcode ID: 2f1f394db6c9e64841c2b191868c0ce2a8cc4011ab631f8dd62eb5fcef4029ea
                                                                                                                • Instruction ID: 01f670424bb1ed0c138e181b43c299c4a3c41b9b971b95cf1a2659fd2ffd85d8
                                                                                                                • Opcode Fuzzy Hash: 2f1f394db6c9e64841c2b191868c0ce2a8cc4011ab631f8dd62eb5fcef4029ea
                                                                                                                • Instruction Fuzzy Hash: 54F0FF35800169EBEF00AFA6CD44DAEBE79FF95705F00442AB910A6061CF714D15DB61
                                                                                                                Function 640F87C1 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 640FAEFE
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 640FAF13
                                                                                                                • UnhandledExceptionFilter.KERNEL32(640D1540), ref: 640FAF1E
                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 640FAF3A
                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 640FAF41
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 2579439406-0
                                                                                                                • Opcode ID: a7cb0ba349a0805266f29d105063371508263bf747d01a25b781e40c51fb8e88
                                                                                                                • Instruction ID: 0d68052fee0bd54fcf85fb185fd0fae4ac0c6516df645901af853370eca9eb34
                                                                                                                • Opcode Fuzzy Hash: a7cb0ba349a0805266f29d105063371508263bf747d01a25b781e40c51fb8e88
                                                                                                                • Instruction Fuzzy Hash: B021DFB890D314DFDF81DF66D69A6C43BB4FB4B305F10502AE90AA7241EBB05685CF49
                                                                                                                Function 640DEFE2 Relevance: 7.5, APIs: 5, Instructions: 49processCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 640DEFFE
                                                                                                                • _memset.LIBCMT ref: 640DF018
                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 640DF032
                                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 640DF04D
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 640DF061
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2526126748-0
                                                                                                                • Opcode ID: b984a6168a82bf4cea8a8352b0953f6fd240c4d9456acdfe09fcfe29671964d9
                                                                                                                • Instruction ID: ed5b86b503507821598723abdd38b9bc9e577b2934e9173dc8cf3dd4dd2da6c8
                                                                                                                • Opcode Fuzzy Hash: b984a6168a82bf4cea8a8352b0953f6fd240c4d9456acdfe09fcfe29671964d9
                                                                                                                • Instruction Fuzzy Hash: 26018031901238AFC710AAA5DC4CFAE7FBDEB86314F5041A5E914D7180DB749A49CBA1
                                                                                                                Function 6E33171F Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E34A4E6
                                                                                                                • UnhandledExceptionFilter.KERNEL32(6E34A50C), ref: 6E34A4F1
                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 6E34A4FC
                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 6E34A503
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 3231755760-0
                                                                                                                • Opcode ID: dbb4f6ece2c99a265ae81b1c2c991dcb37def51fffd9fce3cb3c999437723d51
                                                                                                                • Instruction ID: 38ced9a4bb0f8705150c62b5640bca5eff234efc1b04d388549a4f64bcc71be7
                                                                                                                • Opcode Fuzzy Hash: dbb4f6ece2c99a265ae81b1c2c991dcb37def51fffd9fce3cb3c999437723d51
                                                                                                                • Instruction Fuzzy Hash: B221B0B8806B45DFCF41CF69C185A487BBCBB0A308F70495AE94893750F7725985CF06
                                                                                                                Function 640F7A10 Relevance: 4.5, APIs: 3, Instructions: 40COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadResource.KERNEL32(?,?,?,?,640EF053,?,00000000,?,640EF018,00000000,?,00000000,?,?), ref: 640F7A1E
                                                                                                                • LockResource.KERNEL32(00000000,64112F8C,?,640EF053,?,00000000,?,640EF018,00000000,?,00000000,?,?), ref: 640F7A2A
                                                                                                                • SizeofResource.KERNEL32(?,?,?,640EF053,?,00000000,?,640EF018,00000000,?,00000000,?,?), ref: 640F7A3C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$LoadLockSizeof
                                                                                                                • String ID:
                                                                                                                • API String ID: 2853612939-0
                                                                                                                • Opcode ID: 25ec564fcba6e16a410e882aef5adcf2613865877b11770cea8e778505d34fce
                                                                                                                • Instruction ID: 18c387e769d847d658a5afa4018261f8850c632983463518b40b3d7ec29c3a55
                                                                                                                • Opcode Fuzzy Hash: 25ec564fcba6e16a410e882aef5adcf2613865877b11770cea8e778505d34fce
                                                                                                                • Instruction Fuzzy Hash: 6EF0F63B200036A78F513F35CC04A697FA6EBC57A130A4432FC18D7110EB79C666D7A2
                                                                                                                Function 640DF665 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 473memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(?), ref: 640DF6D5
                                                                                                                • VariantInit.OLEAUT32(?), ref: 640DF6E8
                                                                                                                • VariantInit.OLEAUT32(?), ref: 640DF6FE
                                                                                                                • VariantInit.OLEAUT32(?), ref: 640DF717
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640DF77B
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640DF782
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640DF789
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640DF790
                                                                                                                • SysAllocString.OLEAUT32(640D375C), ref: 640DF7B0
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 640DF7EF
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 640DF833
                                                                                                                  • Part of subcall function 640F83CE: __CxxThrowException@8.LIBCMT ref: 640F83E2
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 640DF80D
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 640DF937
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 640DF969
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 640DF987
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 640DF9B1
                                                                                                                • VariantInit.OLEAUT32(?), ref: 640DF9E8
                                                                                                                • SysAllocString.OLEAUT32(S-1-5-32-545), ref: 640DFA0A
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 640DFA5B
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 640DFACB
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640DFAD2
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 640DFAD8
                                                                                                                • VariantClear.OLEAUT32(?), ref: 640DFADF
                                                                                                                • VariantClear.OLEAUT32 ref: 640DFAEE
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 640DFB3A
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 640DFB64
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$Variant$AllocClearFree$Init$Exception@8Throw
                                                                                                                • String ID: S-1-5-32-545
                                                                                                                • API String ID: 3415528432-782171229
                                                                                                                • Opcode ID: f4adcf567310313418493dc7724e7447dc7c08742259411ab08b321cdb6d3816
                                                                                                                • Instruction ID: 85be9e406e26fcf53902298ab3f114e350a5d475451393267c9e9e75f2a24937
                                                                                                                • Opcode Fuzzy Hash: f4adcf567310313418493dc7724e7447dc7c08742259411ab08b321cdb6d3816
                                                                                                                • Instruction Fuzzy Hash: 3802AC31508751DFD721DF64C848B9BBBEABF8A715F004A5CF8849B250CB72D809CBA2
                                                                                                                Function 640E04F9 Relevance: 42.2, APIs: 28, Instructions: 157windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E0500
                                                                                                                  • Part of subcall function 640F83FD: _memcpy_s.LIBCMT ref: 640F844E
                                                                                                                  • Part of subcall function 640EFB4F: __EH_prolog3.LIBCMT ref: 640EFB56
                                                                                                                  • Part of subcall function 640EFB4F: GetParent.USER32(00000001), ref: 640EFB6B
                                                                                                                  • Part of subcall function 640EFB4F: SendMessageW.USER32(00000000,00000481,00000001,00000000), ref: 640EFB78
                                                                                                                  • Part of subcall function 640EFB4F: GetParent.USER32(00000001), ref: 640EFBB5
                                                                                                                  • Part of subcall function 640EFB4F: SendMessageW.USER32(00000000,0000047E,?,?), ref: 640EFBC1
                                                                                                                  • Part of subcall function 640EFB4F: GetParent.USER32(00000001), ref: 640EFBD3
                                                                                                                  • Part of subcall function 640EFB4F: SendMessageW.USER32(00000000,00000480,?,?), ref: 640EFBDF
                                                                                                                • GetDlgItem.USER32(000000FF,00000065), ref: 640E0562
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 640E0565
                                                                                                                • IsDlgButtonChecked.USER32(000000FF,00000065), ref: 640E0574
                                                                                                                • GetDlgItem.USER32(000000FF,00000066), ref: 640E0583
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 640E0586
                                                                                                                • CheckDlgButton.USER32(000000FF,00000065,00000000), ref: 640E0597
                                                                                                                • CheckDlgButton.USER32(000000FF,00000066,00000001), ref: 640E05A4
                                                                                                                • GetDlgItem.USER32(000000FF,00000066), ref: 640E05AF
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 640E05B2
                                                                                                                • IsDlgButtonChecked.USER32(000000FF,00000066), ref: 640E05C1
                                                                                                                • GetDlgItem.USER32(000000FF,00000065), ref: 640E05D0
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 640E05D3
                                                                                                                • CheckDlgButton.USER32(000000FF,00000066,00000000), ref: 640E05E4
                                                                                                                • CheckDlgButton.USER32(000000FF,00000065,00000001), ref: 640E05F1
                                                                                                                • GetParent.USER32(00000001), ref: 640E0618
                                                                                                                • GetDlgItem.USER32(00000001,00000065), ref: 640E062C
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 640E0635
                                                                                                                • GetDlgItem.USER32(00000001,00000066), ref: 640E0640
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 640E0643
                                                                                                                • GetParent.USER32(00000001), ref: 640E064C
                                                                                                                • GetParent.USER32(00000001), ref: 640E065E
                                                                                                                • GetDlgItem.USER32(00000000,?), ref: 640E0668
                                                                                                                • EnableWindow.USER32(00000000,00000001), ref: 640E066D
                                                                                                                • SetWindowLongW.USER32(00000001,000000F4,0000006B), ref: 640E0686
                                                                                                                • GetParent.USER32(00000001), ref: 640E0695
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 640E069D
                                                                                                                • PostMessageW.USER32(00000001,000006F5,00000000,00000000), ref: 640E06AF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ItemParent$ButtonEnabled$CheckMessage$Send$CheckedH_prolog3$EnableLongPostText_memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 1237731162-0
                                                                                                                • Opcode ID: 1eef0f0e194f5be03708f2194ab0fddf62de63c6cc7be6f5e6c4b2b61bfae4b9
                                                                                                                • Instruction ID: bd26f74bc2439152a5a51261339ca37f8333d96314e4b12a83e0aa7b3ebfd91d
                                                                                                                • Opcode Fuzzy Hash: 1eef0f0e194f5be03708f2194ab0fddf62de63c6cc7be6f5e6c4b2b61bfae4b9
                                                                                                                • Instruction Fuzzy Hash: DC512831644721AFEB20AFB4CD4DF5A7FA6EF05B05F004428FA96AB5A0DF71D8648B10
                                                                                                                Function 640F9DA6 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,640F854E,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9DAE
                                                                                                                • __mtterm.LIBCMT ref: 640F9DBA
                                                                                                                  • Part of subcall function 640F9A67: _DecodePointerInternal@4.SETUPUI(00000008,640F8611,640F85F7,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9A78
                                                                                                                  • Part of subcall function 640F9A67: TlsFree.KERNEL32(00000029,640F8611,640F85F7,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9A92
                                                                                                                  • Part of subcall function 640F9A67: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,640F8611,640F85F7,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640FE8DE
                                                                                                                  • Part of subcall function 640F9A67: DeleteCriticalSection.KERNEL32(00000029,?,?,640F8611,640F85F7,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640FE908
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 640F9DD0
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 640F9DDD
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 640F9DEA
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 640F9DF7
                                                                                                                • TlsAlloc.KERNEL32(?,?,640F854E,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9E47
                                                                                                                • TlsSetValue.KERNEL32(00000000,?,?,640F854E,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9E62
                                                                                                                • __init_pointers.LIBCMT ref: 640F9E6C
                                                                                                                • _EncodePointerInternal@4.SETUPUI(?,?,640F854E,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9E7D
                                                                                                                • _EncodePointerInternal@4.SETUPUI(?,?,640F854E,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9E8A
                                                                                                                • _EncodePointerInternal@4.SETUPUI(?,?,640F854E,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9E97
                                                                                                                • _EncodePointerInternal@4.SETUPUI(?,?,640F854E,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9EA4
                                                                                                                • _DecodePointerInternal@4.SETUPUI(Function_00029BFF,?,?,640F854E,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9EC5
                                                                                                                • __calloc_crt.LIBCMT ref: 640F9EDA
                                                                                                                • _DecodePointerInternal@4.SETUPUI(00000000,?,?,640F854E,64107EB8,00000008,640F86E7,?,?,?,64107ED8,0000000C,640F87A7,?), ref: 640F9EF4
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 640F9F06
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Internal@4Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                • API String ID: 1778039572-3819984048
                                                                                                                • Opcode ID: 652d38e441e5146faf7cca4404307ba3464b73f4f00245c003db389e80e1d91d
                                                                                                                • Instruction ID: aa6fe36a2dd953e6348db911a1870f91ff5f28abde43a54e920aba2590672412
                                                                                                                • Opcode Fuzzy Hash: 652d38e441e5146faf7cca4404307ba3464b73f4f00245c003db389e80e1d91d
                                                                                                                • Instruction Fuzzy Hash: F1315C34908231DADF41AFB69E05B8E3FA4FB47764B10493AEC14E7291DB748456CFA1
                                                                                                                Function 640DBE03 Relevance: 31.7, APIs: 1, Strings: 17, Instructions: 220COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640DBE0A
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640EF35E: __EH_prolog3.LIBCMT ref: 640EF365
                                                                                                                  • Part of subcall function 640EF35E: __recalloc.LIBCMT ref: 640EF3A7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$__recalloc
                                                                                                                • String ID: CEIPconsent$NoSetupVersionCheck$chainingpackage$createlayout$lcid$log$msioptions$norestart$parameterfolder$passive$pipe$promptrestart$repair$serialdownload$showfinalerror$uninstall$uninstallpatch
                                                                                                                • API String ID: 1900422986-634121796
                                                                                                                • Opcode ID: cdbfaba7c2b4fd7445c8ecde76cc5db4d82628a187a880dc21eea79631ea4265
                                                                                                                • Instruction ID: 095fe159b0efcd18f339ebcdd368ef6eab39f125983c1d6010cd27d90c7d8b35
                                                                                                                • Opcode Fuzzy Hash: cdbfaba7c2b4fd7445c8ecde76cc5db4d82628a187a880dc21eea79631ea4265
                                                                                                                • Instruction Fuzzy Hash: 43A119B280027DDEEB00D7F8CD807EDB7B8AF1532CF184594E424A7286D775AA599732
                                                                                                                Function 640ED149 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 114windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640ED150
                                                                                                                  • Part of subcall function 640DC419: __EH_prolog3.LIBCMT ref: 640DC420
                                                                                                                  • Part of subcall function 640DC419: GetModuleFileNameW.KERNEL32(640D0000,00000010,00000104), ref: 640DC46D
                                                                                                                  • Part of subcall function 640EF21D: PathAppendW.SHLWAPI(00000000,00000000,?,00000105,?,?,80070057,80070057,640DC3AE), ref: 640EF241
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000020,00000020,00000010), ref: 640ED198
                                                                                                                • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 640ED1AF
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000020,00000020,00000010), ref: 640ED1E4
                                                                                                                • GetDlgItem.USER32(?,00000068), ref: 640ED1F5
                                                                                                                • SendMessageW.USER32(00000000,00000170,?,00000000), ref: 640ED209
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 640ED231
                                                                                                                • GetDlgItem.USER32(?,00000069), ref: 640ED242
                                                                                                                • SendMessageW.USER32(00000000,000000F7,00000001,?), ref: 640ED256
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 640ED27E
                                                                                                                • GetDlgItem.USER32(?,0000006A), ref: 640ED28F
                                                                                                                • SendMessageW.USER32(00000000,000000F7,00000001,?), ref: 640ED2A3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ImageLoadMessageSend$Item$H_prolog3$AppendFileModuleNamePath
                                                                                                                • String ID: graphics\setup.ico$print.ico$save.ico$stop.ico$warn.ico
                                                                                                                • API String ID: 1194837009-3827646805
                                                                                                                • Opcode ID: a9ba77c32d2abf66eb7d4e6689e5239a8342e283d1efe653347fc6eeb0e37035
                                                                                                                • Instruction ID: bd09aca2c747f49b5a321711afc3a6959f9378a477d6e89cadab85b6de258281
                                                                                                                • Opcode Fuzzy Hash: a9ba77c32d2abf66eb7d4e6689e5239a8342e283d1efe653347fc6eeb0e37035
                                                                                                                • Instruction Fuzzy Hash: E441473464072ABFFF209FA0CC45FAA77B9FF45704F004425F6A5AA0D1DBB294649B10
                                                                                                                Function 640EA80E Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 201windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640EA815
                                                                                                                • GetDlgItem.USER32(?,00000065), ref: 640EA87D
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 640EA885
                                                                                                                • GetDlgItem.USER32(?,00000069), ref: 640EA8AD
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 640EA8B5
                                                                                                                • PostMessageW.USER32(?,00000691,80004005,00000000), ref: 640EA8E9
                                                                                                                • PostMessageW.USER32(?,00000691,77777777,00000000), ref: 640EA944
                                                                                                                • GetParent.USER32(00000002), ref: 640EA9F5
                                                                                                                • GetParent.USER32(00000002), ref: 640EAA0B
                                                                                                                • SetWindowLongW.USER32(00000002,000000F4,0000006A), ref: 640EAA35
                                                                                                                • GetParent.USER32(00000002), ref: 640EAA40
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 640EAA48
                                                                                                                • PostMessageW.USER32(00000002,000006F5,00000000,00000000), ref: 640EAA59
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$MessageParentPostText$Item$H_prolog3Long
                                                                                                                • String ID: All buttons hidden in passive mode$wwww
                                                                                                                • API String ID: 3938074132-3958308462
                                                                                                                • Opcode ID: f35f5752d8b991d6e2c9522aafa109691a56533025b394ae21afda076b154b23
                                                                                                                • Instruction ID: 04acb5d00e28824c3d25230a1a9fe71767cd2f599d45bc9ad6b75da4d1a96519
                                                                                                                • Opcode Fuzzy Hash: f35f5752d8b991d6e2c9522aafa109691a56533025b394ae21afda076b154b23
                                                                                                                • Instruction Fuzzy Hash: 4E817375600615DFEB00DFA4C888BADBBB5FF09708F104568EA55AB361CB31AC15CF91
                                                                                                                Function 6E3466A1 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 174fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,80000080,00000000), ref: 6E34672A
                                                                                                                • GetLastError.KERNEL32 ref: 6E346738
                                                                                                                  • Part of subcall function 6E345F11: EtwTraceMessage.NTDLL ref: 6E345F26
                                                                                                                • CreateFileMappingW.KERNEL32(00000000,00000000,00000004,00000000,00000078,00000000), ref: 6E34677E
                                                                                                                • GetLastError.KERNEL32 ref: 6E34678B
                                                                                                                  • Part of subcall function 6E3499F8: EtwTraceMessage.NTDLL ref: 6E349A13
                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000078), ref: 6E3467CC
                                                                                                                • GetLastError.KERNEL32 ref: 6E3467D8
                                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 6E3468A7
                                                                                                                • CloseHandle.KERNEL32(?), ref: 6E3468BB
                                                                                                                • CloseHandle.KERNEL32(?), ref: 6E3468C0
                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6E3468C4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLast$CloseCreateHandleMessageTraceView$MappingUnmap
                                                                                                                • String ID: MSQM
                                                                                                                • API String ID: 3767376415-2366479917
                                                                                                                • Opcode ID: 5bd2f671923d65df90b56205c7db7714292a5d125367a4acd8f7e4ad71ed1f6f
                                                                                                                • Instruction ID: 4da1e817b0f2508f73aaa4753a9c2290a1c0febba0a8074d3490f445928a980a
                                                                                                                • Opcode Fuzzy Hash: 5bd2f671923d65df90b56205c7db7714292a5d125367a4acd8f7e4ad71ed1f6f
                                                                                                                • Instruction Fuzzy Hash: 56519E30550245EFDBA19EE5CCD8FAA7FEAAF05348F1044A5F915EB2A1D372C985CB20
                                                                                                                Function 640DE153 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 163COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 640DE179
                                                                                                                • GetParent.USER32 ref: 640DE18B
                                                                                                                • GetWindow.USER32(?,00000004), ref: 640DE197
                                                                                                                • GetWindowRect.USER32(?,?), ref: 640DE1A5
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 640DE1BB
                                                                                                                • MonitorFromWindow.USER32(?,00000002), ref: 640DE1DA
                                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 640DE1F7
                                                                                                                • GetWindowRect.USER32(?,?), ref: 640DE220
                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015,?,00000000,?,00000002,?,?,?,?,?), ref: 640DE2C7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$LongMonitorRect$FromInfoParent
                                                                                                                • String ID: (
                                                                                                                • API String ID: 1468510684-3887548279
                                                                                                                • Opcode ID: ac4a3594511919b1346a32bba4a2e2e4d83ae4df4d7d522ec16962217a78baa5
                                                                                                                • Instruction ID: a51aa1dd9b205a7b9cd897fd12c31f66afde52b825d08644bb0624a1b852efba
                                                                                                                • Opcode Fuzzy Hash: ac4a3594511919b1346a32bba4a2e2e4d83ae4df4d7d522ec16962217a78baa5
                                                                                                                • Instruction Fuzzy Hash: 13515E75A047299FDB00CEA9CD88BAEBBF9EF49354F140124F911F7294DB61AD09CB90
                                                                                                                Function 6E33D937 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 394COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 6E33DA74
                                                                                                                • GetTickCount.KERNEL32 ref: 6E33DA8F
                                                                                                                • GlobalFree.KERNEL32(?), ref: 6E33DB44
                                                                                                                • ImpersonateLoggedOnUser.ADVAPI32(?,0000004C,6E33C228,?,?,00000001,?,?,00000000,?,?,?,00000000), ref: 6E342A06
                                                                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 6E342A10
                                                                                                                • RevertToSelf.ADVAPI32(?,?,?,00000000), ref: 6E342CBB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$ErrorFreeGlobalImpersonateLastLoggedRevertSelfUser
                                                                                                                • String ID: http%s://%s/%s
                                                                                                                • API String ID: 1105026337-335662767
                                                                                                                • Opcode ID: f631ef6f59c1745bdf1829a6766349437b3142093bf513262cd54f9cc3792a80
                                                                                                                • Instruction ID: acfec7f58fdb7f638adc1edeed9ccc903400f8b769e74fcddd0ead0d62109915
                                                                                                                • Opcode Fuzzy Hash: f631ef6f59c1745bdf1829a6766349437b3142093bf513262cd54f9cc3792a80
                                                                                                                • Instruction Fuzzy Hash: 97E18B709042AADFCB918FD5CA90F9E7BB9BF05748F604469F910AB261D772C944CF60
                                                                                                                Function 6E33C069 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 368COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • ResetEvent.KERNEL32(?,0000003C), ref: 6E33C165
                                                                                                                • ResetEvent.KERNEL32(?), ref: 6E33C16E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EventReset
                                                                                                                • String ID: MSDW
                                                                                                                • API String ID: 2632953641-1205502275
                                                                                                                • Opcode ID: a38cef4d48da10422dc57a1c9d55697e2010ade732b147a68ac85ed930dcba45
                                                                                                                • Instruction ID: 80a925843bfbb1d6163bcf2adf7f8b8e343e240e3223cb57fc1dbd756b87a66c
                                                                                                                • Opcode Fuzzy Hash: a38cef4d48da10422dc57a1c9d55697e2010ade732b147a68ac85ed930dcba45
                                                                                                                • Instruction Fuzzy Hash: 42D18A706406A6EFDF919FE5C898F997BBABB08708F200458F655DB2A0D772C844CF60
                                                                                                                Function 640E9D5D Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 107COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E9D64
                                                                                                                  • Part of subcall function 640DC419: __EH_prolog3.LIBCMT ref: 640DC420
                                                                                                                  • Part of subcall function 640DC419: GetModuleFileNameW.KERNEL32(640D0000,00000010,00000104), ref: 640DC46D
                                                                                                                  • Part of subcall function 640EF21D: PathAppendW.SHLWAPI(00000000,00000000,?,00000105,?,?,80070057,80070057,640DC3AE), ref: 640EF241
                                                                                                                • __recalloc.LIBCMT ref: 640E9E26
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$AppendFileModuleNamePath__recalloc
                                                                                                                • String ID: LoadImage failed for rotation icon %d$Rotate1.ico$Rotate2.ico$Rotate3.ico$Rotate4.ico$Rotate5.ico$Rotate6.ico$Rotate7.ico$Rotate8.ico$graphics
                                                                                                                • API String ID: 2299973880-2721559919
                                                                                                                • Opcode ID: 7aa79c768e582231602ca252e2bab618e247e0409dbb153f0ad34aca775c89fd
                                                                                                                • Instruction ID: e7bbcd58a39208bcbae9b3b3f426400a97b3f2d5dbd7607aa21690ae234a9ed7
                                                                                                                • Opcode Fuzzy Hash: 7aa79c768e582231602ca252e2bab618e247e0409dbb153f0ad34aca775c89fd
                                                                                                                • Instruction Fuzzy Hash: D1416D7590022AEFEB01DF94C881BBEB7B5FF04718F504118DA24BB281D771A965CF91
                                                                                                                Function 640DC4DC Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 191COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 640DC4E3
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 640DC626
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 640DC649
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 640DC65C
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 640DC678
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 640DC68C
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 640DC6BC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$H_prolog3H_prolog3_
                                                                                                                • String ID: (Elapsed time: %D %H:%M:%S).$%02ld$%I64d$`:d
                                                                                                                • API String ID: 1979320550-1650980423
                                                                                                                • Opcode ID: e30dce21d82ba427fbf43e52b3d6cfd135c30c2e023f84e829a8bfabe99ef62b
                                                                                                                • Instruction ID: 19be2398b21cc09a6bc42dc9b796cf73b965d8a11b1552a29b1c45285961b66c
                                                                                                                • Opcode Fuzzy Hash: e30dce21d82ba427fbf43e52b3d6cfd135c30c2e023f84e829a8bfabe99ef62b
                                                                                                                • Instruction Fuzzy Hash: BD61B671905228EFEB00DBA8CD44BEDBBF9AF59714F148059F904BB190DB70ED058B61
                                                                                                                Function 640EA6A1 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 121timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640EA214: __CxxThrowException@8.LIBCMT ref: 640EA228
                                                                                                                • GetDlgItem.USER32(?,00000066), ref: 640EA6E2
                                                                                                                • SetPropW.USER32(00000000,RotatingIconDisplayTHIS,?), ref: 640EA6F1
                                                                                                                • SetTimer.USER32(?,00000002,000003E8,Function_0001A051), ref: 640EA70B
                                                                                                                • GetDlgItem.USER32(?,0000006A), ref: 640EA721
                                                                                                                • SetPropW.USER32(00000000,RotatingIconDisplayTHIS,?), ref: 640EA730
                                                                                                                • GetDlgItem.USER32(?,00000067), ref: 640EA740
                                                                                                                • GetDlgItem.USER32(?,0000006B), ref: 640EA751
                                                                                                                Strings
                                                                                                                • Launching Download operation. Install operation will follow after download is complete., xrefs: 640EA7D8
                                                                                                                • RotatingIconDisplayTHIS, xrefs: 640EA6EB, 640EA72A
                                                                                                                • Item(s) availability state is "Error". Exiting setup., xrefs: 640EA7E2
                                                                                                                • Launching Download and Install operations simultaneously., xrefs: 640EA7C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Item$Prop$Exception@8ThrowTimer
                                                                                                                • String ID: Item(s) availability state is "Error". Exiting setup.$Launching Download and Install operations simultaneously.$Launching Download operation. Install operation will follow after download is complete.$RotatingIconDisplayTHIS
                                                                                                                • API String ID: 3010864479-2919304341
                                                                                                                • Opcode ID: ea054490152e2045a4b98e62069c8696616f64b10c21d71ce3dc01de23cfc848
                                                                                                                • Instruction ID: 8e6fc0c7a06f0b2604195677a89f1c7a007ddc3c160c214f81ee56bd90ba8578
                                                                                                                • Opcode Fuzzy Hash: ea054490152e2045a4b98e62069c8696616f64b10c21d71ce3dc01de23cfc848
                                                                                                                • Instruction Fuzzy Hash: 5D413534700612AFDB049F74C888FA5FBB5FF4A309F104558E96A9B2A1CB71A824CF91
                                                                                                                Function 6E33BB55 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 111COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(00000030,?,00000000), ref: 6E33BB79
                                                                                                                • GetCurrentProcess.KERNEL32(?,00100000,00000000,00000000,?,00000000), ref: 6E33BB9A
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 6E33BBA0
                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 6E33BBA3
                                                                                                                • LeaveCriticalSection.KERNEL32(00000030,?,00000000), ref: 6E33BBBC
                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 6E3400A1
                                                                                                                • SetEvent.KERNEL32(?,Upload Completion,00000001,?,00000000,?,?,00000000), ref: 6E340100
                                                                                                                • CloseHandle.KERNEL32(?,00000000), ref: 6E34012A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalCurrentHandleProcessSection$CloseDuplicateEnterErrorEventLastLeave
                                                                                                                • String ID: Upload Completion$Upload Thread Exit
                                                                                                                • API String ID: 3688531783-3056875662
                                                                                                                • Opcode ID: f3da75cfbf6d0bcbd163cef56b8f8f6490366f0338479b07c76e33d438211f49
                                                                                                                • Instruction ID: 0728990857741f9409f1d9a9e330a40719faaf8e5ef4891a31f49168072e694f
                                                                                                                • Opcode Fuzzy Hash: f3da75cfbf6d0bcbd163cef56b8f8f6490366f0338479b07c76e33d438211f49
                                                                                                                • Instruction Fuzzy Hash: DE41BC71A00689EFDB61DFE5CC84E9ABBBEBF11304F2044A9E450EA291D776D984CF11
                                                                                                                Function 6E3356B0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 157fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetTempFileNameW.KERNEL32(00000000,WER,00000000,?,00000000,00000000,?), ref: 6E335756
                                                                                                                • DeleteFileW.KERNEL32(?), ref: 6E335774
                                                                                                                • CreateFileW.KERNEL32(?,C0000000,?,00000104,00000002,?,00000000), ref: 6E3357B6
                                                                                                                • GetLongPathNameW.KERNEL32(?,?,00000000), ref: 6E3357D7
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6E3357F9
                                                                                                                  • Part of subcall function 6E33583D: GetTempPathW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6E335875
                                                                                                                  • Part of subcall function 6E33583D: GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 6E3358A7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileNamePath$LongTemp$CloseCreateDeleteHandle
                                                                                                                • String ID: 2$WER
                                                                                                                • API String ID: 1638618745-1393268543
                                                                                                                • Opcode ID: 00768c9d7ddc95a50b051e968f1d97899a8842faa58b4088510d62f7b5a7edc9
                                                                                                                • Instruction ID: f3fc57c7a0a1d4564e530d7ab4db58ee1eb5085036a540045fba22232682e5d4
                                                                                                                • Opcode Fuzzy Hash: 00768c9d7ddc95a50b051e968f1d97899a8842faa58b4088510d62f7b5a7edc9
                                                                                                                • Instruction Fuzzy Hash: 0A519EB1A00269EBDB608FA4CD84FD977F8AB09314F2041A5F628EB191D735CAC5CF64
                                                                                                                Function 6E346327 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 122COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E34634C
                                                                                                                • GetLastError.KERNEL32 ref: 6E3463D4
                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6E3463FA
                                                                                                                • GetLastError.KERNEL32(D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6E346406
                                                                                                                  • Part of subcall function 6E345F11: EtwTraceMessage.NTDLL ref: 6E345F26
                                                                                                                  • Part of subcall function 6E347DFE: RegCloseKey.ADVAPI32(00000001,?,?,?,6E346448,80000002,Software\Microsoft\SQMClient,0000000C,MachineId,?,D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6E347F28
                                                                                                                • LocalFree.KERNEL32(00000000,MachineId,?,D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6E346486
                                                                                                                • SetLastError.KERNEL32(0000054F,MachineId,?,D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6E34648F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$DescriptorSecurity$CloseConvertFreeLocalMessageStringTracememset
                                                                                                                • String ID: D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD)$MachineId$Software\Microsoft\SQMClient$W
                                                                                                                • API String ID: 2649899325-766622882
                                                                                                                • Opcode ID: 45ce176b3da9363b9cc8ccf6a40866333c8ba82967261b9c92900ec7e049bd09
                                                                                                                • Instruction ID: 96e464d78bbc908bd0911adfa75144d44d10aba0fd865aa693ddfd7645659d7d
                                                                                                                • Opcode Fuzzy Hash: 45ce176b3da9363b9cc8ccf6a40866333c8ba82967261b9c92900ec7e049bd09
                                                                                                                • Instruction Fuzzy Hash: 0D411675910388EFDF80DFD4C994E9DBBF9AB05348F200069E545EB265E3729948CF50
                                                                                                                Function 640F09E0 Relevance: 16.9, APIs: 11, Instructions: 430windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 640F09E7
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640F0A02
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640F0AEE
                                                                                                                • ShowWindow.USER32(00000000,00000001,00000000,?,?,?,40000000,?,?,00000000), ref: 640F0B68
                                                                                                                • SendMessageW.USER32(00000000,00000030,?,00000001), ref: 640F0B78
                                                                                                                  • Part of subcall function 640DF589: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640DF5AC
                                                                                                                  • Part of subcall function 640DF589: GetObjectW.GDI32(00000000,0000005C,?), ref: 640DF5B5
                                                                                                                  • Part of subcall function 640DF589: CreateFontIndirectW.GDI32(?), ref: 640DF600
                                                                                                                  • Part of subcall function 640DF589: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 640DF610
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000010), ref: 640F0C2A
                                                                                                                • SendMessageW.USER32(00000000,00000170,?,00000000), ref: 640F0C70
                                                                                                                • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00000010), ref: 640F0CA3
                                                                                                                  • Part of subcall function 640EF933: SendMessageW.USER32(?,00000172,00000000,?), ref: 640EF944
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640F0DAB
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 640F0E0A
                                                                                                                • ShowWindow.USER32(?,00000001,?,00000000,?,?,?,?,?,?,?,?,?,6410677E,000000FF), ref: 640F0E15
                                                                                                                  • Part of subcall function 640EF8DE: CreateWindowExW.USER32(00000000,STATIC,?,?,?,?,?,?,?,?,00000000,?), ref: 640EF91E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$CreateDialogImageLoadRectShow$FontH_prolog3H_prolog3_IndirectObject
                                                                                                                • String ID:
                                                                                                                • API String ID: 2777900791-0
                                                                                                                • Opcode ID: 452f3f933bcbc5fefe63ba0b2ef43e361f2666b4f395114aa85c4a2144a1ca59
                                                                                                                • Instruction ID: 969254d967bfbdb15f05193c91422ffe4308f50b59f3243405a3988ddabef06b
                                                                                                                • Opcode Fuzzy Hash: 452f3f933bcbc5fefe63ba0b2ef43e361f2666b4f395114aa85c4a2144a1ca59
                                                                                                                • Instruction Fuzzy Hash: 0E02F475A00218AFDF04DFA8C998A9DBBF6FF4D305B148069F906AB360DB35A945CF50
                                                                                                                Function 640E8A1A Relevance: 16.7, APIs: 11, Instructions: 177COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E8A21
                                                                                                                • GetTickCount.KERNEL32 ref: 640E8A38
                                                                                                                  • Part of subcall function 640E8C2A: __EH_prolog3.LIBCMT ref: 640E8C31
                                                                                                                • GetTickCount.KERNEL32 ref: 640E8A52
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 640E8A99
                                                                                                                • GetDlgItem.USER32(?,0000006F), ref: 640E8AC3
                                                                                                                • GetDlgItem.USER32(?,00000070), ref: 640E8AE5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountH_prolog3ItemTick$TextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3171788341-0
                                                                                                                • Opcode ID: 596c147b9c4a3dc9dd1404954a0933eca11115c392335f8a7f5ce8df705827d6
                                                                                                                • Instruction ID: 6af5a302c128851962a36252a7a232ee4e00bf72ed41023ed3d3e7653a938cb5
                                                                                                                • Opcode Fuzzy Hash: 596c147b9c4a3dc9dd1404954a0933eca11115c392335f8a7f5ce8df705827d6
                                                                                                                • Instruction Fuzzy Hash: 22614975A00616DFDB04DFB4C998AAEBBB5FF09308F100868F556EB3A1DB30A915CB51
                                                                                                                Function 6E334611 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 215COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E3346A1
                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000FA0), ref: 6E3346B4
                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6E3346CD
                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6E3346DF
                                                                                                                  • Part of subcall function 6E333E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6E333E94
                                                                                                                  • Part of subcall function 6E333E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6E333EB0
                                                                                                                  • Part of subcall function 6E333E29: RegCloseKey.ADVAPI32(00000000), ref: 6E333ECE
                                                                                                                • GetLastError.KERNEL32 ref: 6E340A56
                                                                                                                • GetLastError.KERNEL32 ref: 6E340A93
                                                                                                                • GetLastError.KERNEL32 ref: 6E340ABD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$CreateEvent$CloseCountCriticalInitializeOpenQuerySectionSpinValuememset
                                                                                                                • String ID: SamplingInterval$Software\Microsoft\SQMClient
                                                                                                                • API String ID: 171072326-987520630
                                                                                                                • Opcode ID: 0fce98072799c851757da3247f2b9d4059534a859af7cdea4fb2a1dd096daba4
                                                                                                                • Instruction ID: 9ed826ea05e17e9796033e013245cbdf588440c21fd22b24f47bb74d2a4bb614
                                                                                                                • Opcode Fuzzy Hash: 0fce98072799c851757da3247f2b9d4059534a859af7cdea4fb2a1dd096daba4
                                                                                                                • Instruction Fuzzy Hash: BB819D70600791EFD764CF95C880FAABBE9AF45708F20085AE195CB7A0E7B2D545CF50
                                                                                                                Function 640DC78F Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 139COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SysStringLen.OLEAUT32(?), ref: 640DC7FD
                                                                                                                • __time64.LIBCMT ref: 640DC8B6
                                                                                                                  • Part of subcall function 640DC280: __EH_prolog3.LIBCMT ref: 640DC287
                                                                                                                  • Part of subcall function 640DC280: OutputDebugStringW.KERNEL32(?,?,?,00000008,640DC856), ref: 640DC2A8
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 640DC894
                                                                                                                Strings
                                                                                                                • Final Result: Installation completed successfully with success code: (0x%08lX), "%s", xrefs: 640DC818
                                                                                                                • Final Result: Installation aborted, xrefs: 640DC827, 640DC835
                                                                                                                • Final Result: Installation failed with error code: (0x%08lX), "%s", xrefs: 640DC87E
                                                                                                                • Final Result: Installation failed with error code: (0x%08lX), xrefs: 640DC869
                                                                                                                • Final Result: Installation completed successfully with success code: (0x%08lX), xrefs: 640DC80C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$DebugFreeH_prolog3Output__time64
                                                                                                                • String ID: Final Result: Installation aborted$Final Result: Installation completed successfully with success code: (0x%08lX)$Final Result: Installation completed successfully with success code: (0x%08lX), "%s"$Final Result: Installation failed with error code: (0x%08lX)$Final Result: Installation failed with error code: (0x%08lX), "%s"
                                                                                                                • API String ID: 1943088043-1330816492
                                                                                                                • Opcode ID: ec5c5266b3c7df8a22f62f467245d6a2cc58edad9835588c2efda8529f7a8cb1
                                                                                                                • Instruction ID: 6418a7cffd9ed349d7959342ff03010409c62f721741d07c79017ff9cff32b66
                                                                                                                • Opcode Fuzzy Hash: ec5c5266b3c7df8a22f62f467245d6a2cc58edad9835588c2efda8529f7a8cb1
                                                                                                                • Instruction Fuzzy Hash: F4516A7250C3559BD700DF69D884F5BBBE9AF96718F040A2DF89197291DB30D80D8BA2
                                                                                                                Function 640E795B Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 115COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E7962
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • EnumWindows.USER32(640E7C3F,?), ref: 640E79BF
                                                                                                                  • Part of subcall function 640E7BC5: _calloc.LIBCMT ref: 640E7BE6
                                                                                                                  • Part of subcall function 640E7AC7: __EH_prolog3.LIBCMT ref: 640E7ACE
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 640E7ABB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$EnumExceptionRaiseWindows_calloc
                                                                                                                • String ID: complete$Action$Blocking Processes$Enumerating incompatible processes$No Blocking Processes$[ProcessID] [ImageName] [WindowTitle] [WindowVisible]
                                                                                                                • API String ID: 3326300193-1989790735
                                                                                                                • Opcode ID: e1c7d91e2914c565344cd160101e8290dc7f6ef712a37727fbbc3cc5e9781cba
                                                                                                                • Instruction ID: 70b64a8e13b83fc125cb058a427239ec57c58c50c1ff153294eb8f7d05fd388c
                                                                                                                • Opcode Fuzzy Hash: e1c7d91e2914c565344cd160101e8290dc7f6ef712a37727fbbc3cc5e9781cba
                                                                                                                • Instruction Fuzzy Hash: DD419275904229EFEB00EFA4C984FADBBF5FF48718F148055F904EB241CB749A468B61
                                                                                                                Function 640EC626 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 76COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640EC62D
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 640EC63D
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • SetDlgItemTextW.USER32(?,00000065,00000000), ref: 640EC666
                                                                                                                • SetDlgItemTextW.USER32(?,00000066,00000000), ref: 640EC6A1
                                                                                                                • SetDlgItemTextW.USER32(?,00000002,00000000), ref: 640EC6DC
                                                                                                                • GetParent.USER32(?), ref: 640EC6EF
                                                                                                                  • Part of subcall function 640DE153: GetWindowLongW.USER32(?,000000F0), ref: 640DE179
                                                                                                                  • Part of subcall function 640DE153: GetParent.USER32 ref: 640DE18B
                                                                                                                  • Part of subcall function 640DE153: GetWindowRect.USER32(?,?), ref: 640DE1A5
                                                                                                                  • Part of subcall function 640DE153: GetWindowLongW.USER32(?,000000F0), ref: 640DE1BB
                                                                                                                  • Part of subcall function 640DE153: MonitorFromWindow.USER32(?,00000002), ref: 640DE1DA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Text$Item$H_prolog3LongParent$FromMonitorRect
                                                                                                                • String ID: IDS_REBOOT_REQUIRED$IDS_RESTART_LATER$IDS_RESTART_NOW
                                                                                                                • API String ID: 1194771093-931079857
                                                                                                                • Opcode ID: 70b314f6d96731b2c232e01b3ee381b46d605f5f27d9ade631f3b0a47896f765
                                                                                                                • Instruction ID: 1a64f9e1e84732395218c17c0b6c026c04a197d7da0c47a24ba2a2647e12bc8c
                                                                                                                • Opcode Fuzzy Hash: 70b314f6d96731b2c232e01b3ee381b46d605f5f27d9ade631f3b0a47896f765
                                                                                                                • Instruction Fuzzy Hash: CD318F75600215DFDF10DFA8CC84BADBBB5FF49329B204668F455EB2A5CB319905DB10
                                                                                                                Function 640F1601 Relevance: 15.5, APIs: 10, Instructions: 459windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640F1656
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640F175E
                                                                                                                • ShowWindow.USER32(00000001,00000001,?,?,?,?,40000000,?,?,00000000), ref: 640F17E3
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 640F17F5
                                                                                                                  • Part of subcall function 640DF589: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640DF5AC
                                                                                                                  • Part of subcall function 640DF589: GetObjectW.GDI32(00000000,0000005C,?), ref: 640DF5B5
                                                                                                                  • Part of subcall function 640DF589: CreateFontIndirectW.GDI32(?), ref: 640DF600
                                                                                                                  • Part of subcall function 640DF589: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 640DF610
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000010), ref: 640F18AD
                                                                                                                • SendMessageW.USER32(?,00000170,?,00000000), ref: 640F18FA
                                                                                                                • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00000010), ref: 640F1931
                                                                                                                  • Part of subcall function 640EF933: SendMessageW.USER32(?,00000172,00000000,?), ref: 640EF944
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640F1A58
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 640F1ABD
                                                                                                                • ShowWindow.USER32(?,00000001,?,00000000), ref: 640F1AC8
                                                                                                                  • Part of subcall function 640EF8DE: CreateWindowExW.USER32(00000000,STATIC,?,?,?,?,?,?,?,?,00000000,?), ref: 640EF91E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$CreateDialogImageLoadRectShow$FontH_prolog3IndirectObject
                                                                                                                • String ID:
                                                                                                                • API String ID: 727718542-0
                                                                                                                • Opcode ID: 7a49237179a6700b0db046fc9e12d9b546fe08b8a7f46932b7eebe955cef53d2
                                                                                                                • Instruction ID: a2356ff949f25f4f1271d42ede907d0c8fa0c1ecae11da3bde337fb72d035d7c
                                                                                                                • Opcode Fuzzy Hash: 7a49237179a6700b0db046fc9e12d9b546fe08b8a7f46932b7eebe955cef53d2
                                                                                                                • Instruction Fuzzy Hash: 0802E175608310AFCB05DF68C988A1ABBE6FF89714F10496DF9868B360DB35D805CF92
                                                                                                                Function 640EFC53 Relevance: 15.5, APIs: 10, Instructions: 458windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640EFCA4
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640EFDAC
                                                                                                                • ShowWindow.USER32(?,00000001,?,?,?,?,40000000,?,?,?,00000000), ref: 640EFE32
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 640EFE44
                                                                                                                  • Part of subcall function 640DF589: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640DF5AC
                                                                                                                  • Part of subcall function 640DF589: GetObjectW.GDI32(00000000,0000005C,?), ref: 640DF5B5
                                                                                                                  • Part of subcall function 640DF589: CreateFontIndirectW.GDI32(?), ref: 640DF600
                                                                                                                  • Part of subcall function 640DF589: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 640DF610
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000010), ref: 640EFF02
                                                                                                                • SendMessageW.USER32(?,00000170,?,00000000), ref: 640EFF4F
                                                                                                                • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00000010), ref: 640EFF83
                                                                                                                  • Part of subcall function 640EF933: SendMessageW.USER32(?,00000172,00000000,?), ref: 640EF944
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640F00A6
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 640F010B
                                                                                                                • ShowWindow.USER32(?,00000001,?,00000000), ref: 640F0116
                                                                                                                  • Part of subcall function 640EF8DE: CreateWindowExW.USER32(00000000,STATIC,?,?,?,?,?,?,?,?,00000000,?), ref: 640EF91E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$CreateDialogImageLoadRectShow$FontH_prolog3IndirectObject
                                                                                                                • String ID:
                                                                                                                • API String ID: 727718542-0
                                                                                                                • Opcode ID: d3190c12e4a308b2b7a871192e8594d80a3ea49944598378ddc059c87d05afc1
                                                                                                                • Instruction ID: eafd417ccbdde152693080fbc4b36a7d59bd5b4fac0bf8c707c9c5a5a39c2fb2
                                                                                                                • Opcode Fuzzy Hash: d3190c12e4a308b2b7a871192e8594d80a3ea49944598378ddc059c87d05afc1
                                                                                                                • Instruction Fuzzy Hash: 9F02E475608301AFDB04DF68C888A1ABBE6FF89314F00496DF9968B361DB35D945CF92
                                                                                                                Function 640F210E Relevance: 15.5, APIs: 10, Instructions: 457windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640F215F
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640F2267
                                                                                                                • ShowWindow.USER32(?,00000001,?,?,?,?,40000000,?,?,00000000), ref: 640F22ED
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 640F22FF
                                                                                                                  • Part of subcall function 640DF589: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640DF5AC
                                                                                                                  • Part of subcall function 640DF589: GetObjectW.GDI32(00000000,0000005C,?), ref: 640DF5B5
                                                                                                                  • Part of subcall function 640DF589: CreateFontIndirectW.GDI32(?), ref: 640DF600
                                                                                                                  • Part of subcall function 640DF589: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 640DF610
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000010), ref: 640F23BB
                                                                                                                • SendMessageW.USER32(?,00000170,?,00000000), ref: 640F2408
                                                                                                                • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00000010), ref: 640F243C
                                                                                                                  • Part of subcall function 640EF933: SendMessageW.USER32(?,00000172,00000000,?), ref: 640EF944
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640F255F
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 640F25C4
                                                                                                                • ShowWindow.USER32(?,00000001,?,00000000), ref: 640F25CF
                                                                                                                  • Part of subcall function 640EF8DE: CreateWindowExW.USER32(00000000,STATIC,?,?,?,?,?,?,?,?,00000000,?), ref: 640EF91E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$CreateDialogImageLoadRectShow$FontH_prolog3IndirectObject
                                                                                                                • String ID:
                                                                                                                • API String ID: 727718542-0
                                                                                                                • Opcode ID: 1ca34bf8f46f3edff0c434db19429c5d2c494270eca9d7825f936061944b29fe
                                                                                                                • Instruction ID: 47e9e6e6440c0821b93a2b6420646eef1b88cfa0d83e9f95b07f038bffe62a9f
                                                                                                                • Opcode Fuzzy Hash: 1ca34bf8f46f3edff0c434db19429c5d2c494270eca9d7825f936061944b29fe
                                                                                                                • Instruction Fuzzy Hash: 0302F475604301AFCB04DF68C888A5ABBF6FF89314F14496DF9868B361DB35E845CB92
                                                                                                                Function 6E331A6B Relevance: 15.1, APIs: 10, Instructions: 133sleepCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • InterlockedCompareExchange.KERNEL32(6E350164,?,00000000), ref: 6E331AB1
                                                                                                                • _initterm.MSVCRT ref: 6E331AF8
                                                                                                                • InterlockedExchange.KERNEL32(6E350164,00000000), ref: 6E331B0E
                                                                                                                • InterlockedCompareExchange.KERNEL32(6E350164,00000001,00000000), ref: 6E331D46
                                                                                                                • free.MSVCRT ref: 6E331D7A
                                                                                                                • InterlockedExchange.KERNEL32(6E350164,00000000), ref: 6E331D9C
                                                                                                                • Sleep.KERNEL32(000003E8,?,00000000,?,?,6E331DDB,?,00000001,?,?,?,?,6E331C70,0000002C), ref: 6E34451B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExchangeInterlocked$Compare$Sleep_inittermfree
                                                                                                                • String ID:
                                                                                                                • API String ID: 546057305-0
                                                                                                                • Opcode ID: 67bdb82b10a527f7aea8e647dd43787a4b95ea88355ef90c8977521084cc6da8
                                                                                                                • Instruction ID: d756c5953beb7e4fb775f5dc8142d85e6d1b135bdddb619724bc18a6535086c6
                                                                                                                • Opcode Fuzzy Hash: 67bdb82b10a527f7aea8e647dd43787a4b95ea88355ef90c8977521084cc6da8
                                                                                                                • Instruction Fuzzy Hash: 99419E31614791DFEB509FE6C844F5973AEBB0235EF304569E9108B280F7728849CF61
                                                                                                                Function 640E8FA4 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 310COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640F1169: __EH_prolog3.LIBCMT ref: 640F1170
                                                                                                                  • Part of subcall function 640F1169: GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 640F11B1
                                                                                                                  • Part of subcall function 640F10EB: __EH_prolog3_GS.LIBCMT ref: 640F10F5
                                                                                                                  • Part of subcall function 640F10EB: _memset.LIBCMT ref: 640F1121
                                                                                                                  • Part of subcall function 640F10EB: GetTempPathW.KERNEL32(00000104,?,Action,?,00000000), ref: 640F1135
                                                                                                                  • Part of subcall function 640EE98E: __EH_prolog3_GS.LIBCMT ref: 640EE995
                                                                                                                  • Part of subcall function 640EE98E: _wmemcpy_s.LIBCMT ref: 640EEA2A
                                                                                                                  • Part of subcall function 640EF0E8: __EH_prolog3.LIBCMT ref: 640EF0EF
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E7FE0: __EH_prolog3.LIBCMT ref: 640E7FE7
                                                                                                                  • Part of subcall function 640E7FE0: PathGetDriveNumberW.SHLWAPI(?,?,?,00000014,640E9180,?,?,?,?,?,?,?,?), ref: 640E8015
                                                                                                                  • Part of subcall function 640E7FE0: PathGetDriveNumberW.SHLWAPI(?), ref: 640E801C
                                                                                                                  • Part of subcall function 640E7FE0: PathGetDriveNumberW.SHLWAPI(?,?,?,?), ref: 640E8064
                                                                                                                  • Part of subcall function 640E7FE0: PathGetDriveNumberW.SHLWAPI(?), ref: 640E806B
                                                                                                                  • Part of subcall function 640E7FE0: PathGetDriveNumberW.SHLWAPI(00000001,00000001,?,?), ref: 640E80B3
                                                                                                                  • Part of subcall function 640E7FE0: PathGetDriveNumberW.SHLWAPI(?), ref: 640E80BA
                                                                                                                  • Part of subcall function 640E8ECA: __EH_prolog3.LIBCMT ref: 640E8ED1
                                                                                                                  • Part of subcall function 640E8ECA: GetDlgItem.USER32(?,0000004E), ref: 640E8F73
                                                                                                                  • Part of subcall function 640E8ECA: GetDlgItem.USER32(?,?), ref: 640E8F88
                                                                                                                  • Part of subcall function 640E8CD7: __EH_prolog3.LIBCMT ref: 640E8CDE
                                                                                                                  • Part of subcall function 640EF42A: __EH_prolog3.LIBCMT ref: 640EF431
                                                                                                                • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,00000065,00000067), ref: 640E929E
                                                                                                                • ShowWindow.USER32(74402FA0,00000000,?,?,?,?,?,?,00000065,00000067), ref: 640E92B0
                                                                                                                • ShowWindow.USER32(?,00000000,?,00000066,00000068,?,?,?,?,?,?,?,?,?,?,?), ref: 640E9335
                                                                                                                • ShowWindow.USER32(00000012,00000000,?,00000066,00000068,?,?,?,?,?,?,?,?,?,?,?), ref: 640E9347
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Path$DriveNumber$ShowWindow$H_prolog3_Item$DirectorySystemTemp_memset_wmemcpy_s
                                                                                                                • String ID: Action$Download Drive$Product Drive$System Drive
                                                                                                                • API String ID: 1601511689-2973646315
                                                                                                                • Opcode ID: b16fb2512fe69540f870dc8ee69efcd815c31bc8ba7f26394918ff94365fce6a
                                                                                                                • Instruction ID: fa552502d8e3927e257c4113680b97b65bf953108fd5758fb4dafd0c0183a0f5
                                                                                                                • Opcode Fuzzy Hash: b16fb2512fe69540f870dc8ee69efcd815c31bc8ba7f26394918ff94365fce6a
                                                                                                                • Instruction Fuzzy Hash: 5EC14D721083509FD710DB78C884B5EBBE8FF89718F044A69F999DB291CB31D815CBA2
                                                                                                                Function 640E21B8 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 199COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E21BF
                                                                                                                  • Part of subcall function 640E1F81: __EH_prolog3.LIBCMT ref: 640E1F88
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640DD76F: __EH_prolog3.LIBCMT ref: 640DD776
                                                                                                                  • Part of subcall function 640DCA39: __EH_prolog3.LIBCMT ref: 640DCA40
                                                                                                                  • Part of subcall function 640DCAC2: __EH_prolog3.LIBCMT ref: 640DCAC9
                                                                                                                  • Part of subcall function 640DD170: __EH_prolog3.LIBCMT ref: 640DD177
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640E2425
                                                                                                                  • Part of subcall function 640FDBDB: RaiseException.KERNEL32(?,?,640F9236,?,?,?,?,?,640F9236,?,64107F54,641122B4), ref: 640FDC1D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$ExceptionException@8RaiseThrow
                                                                                                                • String ID: Bitmap$Font$Icon$Text$UIInfo.xml$UiInfo element 'Static' should have one of Text, Icon or Bitmap elements!
                                                                                                                • API String ID: 1412866469-225342085
                                                                                                                • Opcode ID: 3808c846392f5f3f569e4c06b3d5fd5036923954177011ec67e3d372dd3c448a
                                                                                                                • Instruction ID: a4c1c3235dcbdb07142af5aa6afa4a49fa42564058277eaa73dbef705be054ce
                                                                                                                • Opcode Fuzzy Hash: 3808c846392f5f3f569e4c06b3d5fd5036923954177011ec67e3d372dd3c448a
                                                                                                                • Instruction Fuzzy Hash: 4D81207190026CEFEB01DBE8C984BDEB7B8AF19318F148195E454EB291D734EA09DB61
                                                                                                                Function 640E9584 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E958B
                                                                                                                  • Part of subcall function 640E7F0A: __EH_prolog3.LIBCMT ref: 640E7F11
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000000), ref: 640E96FB
                                                                                                                  • Part of subcall function 640EF42A: __EH_prolog3.LIBCMT ref: 640EF431
                                                                                                                  • Part of subcall function 640F5002: _vwprintf.LIBCMT ref: 640F502C
                                                                                                                  • Part of subcall function 640F5002: _vswprintf_s.LIBCMT ref: 640F5059
                                                                                                                • SendDlgItemMessageW.USER32(00000001,00000070,00000172,00000001,?), ref: 640E9714
                                                                                                                • SetWindowTextW.USER32(?,00000001), ref: 640E9723
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 640E9737
                                                                                                                • EnableWindow.USER32(?,00000000), ref: 640E9748
                                                                                                                • ShowWindow.USER32(?,00000000), ref: 640E9755
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$H_prolog3$Enable$ExceptionItemMessageRaiseSendShowText_vswprintf_s_vwprintf
                                                                                                                • String ID: %s
                                                                                                                • API String ID: 508372071-3043279178
                                                                                                                • Opcode ID: e23153d3a95114f8a82e283f921e6e7efa5fb21bac95f2cc2ab382c7b5307ac6
                                                                                                                • Instruction ID: 51c8adfdca4f31e46fe64a07d5ca3fdb3a2a54b7c93f4141830c606930fc2276
                                                                                                                • Opcode Fuzzy Hash: e23153d3a95114f8a82e283f921e6e7efa5fb21bac95f2cc2ab382c7b5307ac6
                                                                                                                • Instruction Fuzzy Hash: 39513A71A0425AEFEF00DFA8C884BEDFBB1BF09308F104098E654BB292C7756955CB61
                                                                                                                Function 640F75EA Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 74libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F75F1
                                                                                                                • GetProcAddress.KERNEL32(00000006,GetProcessImageFileNameW), ref: 640F7602
                                                                                                                • GetLastError.KERNEL32 ref: 640F7610
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640EE93B: __EH_prolog3.LIBCMT ref: 640EE942
                                                                                                                  • Part of subcall function 640EF092: __EH_prolog3.LIBCMT ref: 640EF099
                                                                                                                  • Part of subcall function 640F383E: _wcsnlen.LIBCMT ref: 640F3871
                                                                                                                  • Part of subcall function 640F383E: _memcpy_s.LIBCMT ref: 640F38A7
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640F76DC
                                                                                                                  • Part of subcall function 640FDBDB: RaiseException.KERNEL32(?,?,640F9236,?,?,?,?,?,640F9236,?,64107F54,641122B4), ref: 640FDC1D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$AddressErrorExceptionException@8LastProcRaiseThrow_memcpy_s_wcsnlen
                                                                                                                • String ID: in $Dnd$GetProcAddress looking for $GetProcessImageFileNameW
                                                                                                                • API String ID: 1153917472-2292488242
                                                                                                                • Opcode ID: 2f4942b2b43f1b19f985c715737bf8ae33d5f87b233050631dd4099c99ffca36
                                                                                                                • Instruction ID: 4e2a2c21b3b5d484bb3edc47d1c84a0a83f9896753a5c6f3f05652ce7c40b8a5
                                                                                                                • Opcode Fuzzy Hash: 2f4942b2b43f1b19f985c715737bf8ae33d5f87b233050631dd4099c99ffca36
                                                                                                                • Instruction Fuzzy Hash: BA313C72900168DFEB40DBF8CD44BEEBBB4AF5932CF144264E514E7281EB709A05CB65
                                                                                                                Function 640DFCC3 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55synchronizationthreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 640DFCCA
                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 640DFCD9
                                                                                                                • SetCursor.USER32(00000000,?,640ECF69,?), ref: 640DFCE3
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0000FD72,?,00000000,00000000), ref: 640DFCFD
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000,00000000,?,640ECF69,?), ref: 640DFD0C
                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000000,?,640ECF69,?), ref: 640DFD13
                                                                                                                • SetCursor.USER32(00000001,?,00000000,00000000,?,640ECF69,?), ref: 640DFD5F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Cursor$CloseCreateH_prolog3_catchHandleLoadObjectSingleThreadWait
                                                                                                                • String ID: open
                                                                                                                • API String ID: 3568249301-2758837156
                                                                                                                • Opcode ID: 177c67cea267e7b6b782df6276cd3b63cdb81c3e51c4e6c6d3db73153f9be326
                                                                                                                • Instruction ID: e4925e68759358d86b24a25dcfec1ee705753efab4378b9dac91fe5b2a6f74fc
                                                                                                                • Opcode Fuzzy Hash: 177c67cea267e7b6b782df6276cd3b63cdb81c3e51c4e6c6d3db73153f9be326
                                                                                                                • Instruction Fuzzy Hash: 8A11A770904365AFEB009F74CC8CEAE7EBAEB05708F108468F545A7292CF744D498B61
                                                                                                                Function 6E33BA44 Relevance: 13.6, APIs: 9, Instructions: 144COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6E33BAE2: InitializeCriticalSectionAndSpinCount.KERNEL32(?,80000040,00000000,00000000,6E33BA57,00000000,?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E33BAFB
                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E33BA86
                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E33BA9D
                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E33BAB4
                                                                                                                • GetLastError.KERNEL32(?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E342739
                                                                                                                • GetLastError.KERNEL32(?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E34276E
                                                                                                                • CloseHandle.KERNEL32(?,00000000,?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E3427F4
                                                                                                                • CloseHandle.KERNEL32(?,00000000,?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E342801
                                                                                                                • CloseHandle.KERNEL32(?,00000000,?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E342812
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateEventHandle$ErrorLast$CountCriticalInitializeSectionSpin
                                                                                                                • String ID:
                                                                                                                • API String ID: 2704725777-0
                                                                                                                • Opcode ID: 5fc6c11b5f0d0fd8ab2af29ecd6d80a21440b5e4d03b64815cded42e21b09728
                                                                                                                • Instruction ID: c8dbe69aeff8a7d0501e0e9844b8eb9f45dddb0c776af63f96cd2464841d8aca
                                                                                                                • Opcode Fuzzy Hash: 5fc6c11b5f0d0fd8ab2af29ecd6d80a21440b5e4d03b64815cded42e21b09728
                                                                                                                • Instruction Fuzzy Hash: E8518970900B95EFCB90DEE9C9D4E5ABBE9BF00344F200869E141EB665D372DA84CB60
                                                                                                                Function 6E335E53 Relevance: 12.6, APIs: 10, Instructions: 124COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2221118986-0
                                                                                                                • Opcode ID: 7e0159214f05f092813d7215edd18f8e7927451cd52de21e904934e0ab6ae338
                                                                                                                • Instruction ID: 3335e069829c2f060a80e4017eeef661426b6ae3db47f316bf2fbccecd5922bd
                                                                                                                • Opcode Fuzzy Hash: 7e0159214f05f092813d7215edd18f8e7927451cd52de21e904934e0ab6ae338
                                                                                                                • Instruction Fuzzy Hash: DE4109B1541B44AFD370CF6AC885E83FBE8BF98704F508D2EA2DA97650DB71B5058B90
                                                                                                                Function 6E347AAB Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 238registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,Software\Microsoft\SQMClient\Windows,80000002,CabSessionAfterSize), ref: 6E347AE6
                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6E347C4C
                                                                                                                • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E347B3D
                                                                                                                  • Part of subcall function 6E3477B8: EtwTraceMessage.NTDLL ref: 6E34781A
                                                                                                                  • Part of subcall function 6E331967: malloc.MSVCRT(?,6E350554), ref: 6E331979
                                                                                                                • RegDeleteValueW.ADVAPI32(00000057,00000000,00000000,00000000,00000026,6E345AB8), ref: 6E347D12
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$DeleteEnumInfoMessageOpenQueryTracemalloc
                                                                                                                • String ID: CabSessionAfterSize$Software\Microsoft\SQMClient\Windows$W
                                                                                                                • API String ID: 3944082161-4242814227
                                                                                                                • Opcode ID: e95547d414915385bee44bd742eb5fee7d618e61ad30992f17f06b5bb67d692f
                                                                                                                • Instruction ID: 30e94a8d6b9c56bd3f46cee31826b85171956598598f14c2540eb74235d856c8
                                                                                                                • Opcode Fuzzy Hash: e95547d414915385bee44bd742eb5fee7d618e61ad30992f17f06b5bb67d692f
                                                                                                                • Instruction Fuzzy Hash: F7818B71910249FFDB959FD5C884EAA7BEAFF05348F1084A9E914AB2E1D332C944CF50
                                                                                                                Function 640ED86C Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 214windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640F0324: SendMessageW.USER32(?,00000437,00000000,?), ref: 640F0344
                                                                                                                • _memset.LIBCMT ref: 640ED8B6
                                                                                                                • SendMessageW.USER32(?,0000043A,00000001,?), ref: 640ED8D9
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640ED81A: __EH_prolog3.LIBCMT ref: 640ED821
                                                                                                                  • Part of subcall function 640F0353: GetWindowTextLengthW.USER32(?), ref: 640F035B
                                                                                                                  • Part of subcall function 640F0353: SendMessageW.USER32(?,000000C2,?,00000000), ref: 640F0377
                                                                                                                  • Part of subcall function 640E0D3D: _memset.LIBCMT ref: 640E0D6A
                                                                                                                  • Part of subcall function 640E0D3D: SendMessageW.USER32(?,00000444,00000001,?), ref: 640E0D93
                                                                                                                  • Part of subcall function 640E0E35: _memset.LIBCMT ref: 640E0E62
                                                                                                                  • Part of subcall function 640E0E35: SendMessageW.USER32(?,00000444,00000001,00000074), ref: 640E0E92
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$_memset$H_prolog3$LengthTextWindow
                                                                                                                • String ID: $IDS_INSTALLATION_BLOCKERS$IDS_PRE_INSTALLATION_WARNINGS$IDS_SUCCESS_BLOCKERS_LIST_HEADER$t
                                                                                                                • API String ID: 808874516-693864943
                                                                                                                • Opcode ID: 2da57f5e423748991aafb4b9064f65995faf7406e998029692ac408318bf352d
                                                                                                                • Instruction ID: caea1b79be6cc747837a0b816200caf6e03cccae2baa308aa2fa3d57e006920f
                                                                                                                • Opcode Fuzzy Hash: 2da57f5e423748991aafb4b9064f65995faf7406e998029692ac408318bf352d
                                                                                                                • Instruction Fuzzy Hash: F371BD72904135AFEB609B64CC45F9E7B78EF86718F118194FA18BB290DB34AA46CF50
                                                                                                                Function 6E33E442 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 186timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E33E49A
                                                                                                                  • Part of subcall function 6E3318E5: _vsnwprintf.MSVCRT ref: 6E331913
                                                                                                                • GetSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,6E337AF4), ref: 6E3405DD
                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6E337AF4), ref: 6E3405F1
                                                                                                                  • Part of subcall function 6E33E552: RegOpenKeyExW.ADVAPI32(?,80000001,00000000,-00020005,?,00000000,?,?,?,?,6E33E526,80000001,?,?), ref: 6E33E5A8
                                                                                                                Strings
                                                                                                                • Sampling, xrefs: 6E33E4BA
                                                                                                                • %s\%s\%s, xrefs: 6E33E4C5
                                                                                                                • Software\Microsoft\SQMClient, xrefs: 6E33E4C0
                                                                                                                • Software\Microsoft\SQMClient\Windows\DisabledSessions, xrefs: 6E340668
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$System$FileOpen_vsnwprintfmemset
                                                                                                                • String ID: %s\%s\%s$Sampling$Software\Microsoft\SQMClient$Software\Microsoft\SQMClient\Windows\DisabledSessions
                                                                                                                • API String ID: 3792293845-3320126751
                                                                                                                • Opcode ID: 2acf9c9caab7c500c597a2a794cb79da3990f7ed8eb85c5f77d32117f93e7183
                                                                                                                • Instruction ID: b66b467102eaa4597ff62e891b04eed14554e8bf58f46f59e4a6631c266160ea
                                                                                                                • Opcode Fuzzy Hash: 2acf9c9caab7c500c597a2a794cb79da3990f7ed8eb85c5f77d32117f93e7183
                                                                                                                • Instruction Fuzzy Hash: 6061B131600359EBEB919ED0CC94FEA77B9EF05308F2005D8E515AA291E372DA85CF61
                                                                                                                Function 6E332885 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127synchronizationCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,00000000), ref: 6E3328C4
                                                                                                                • memset.MSVCRT ref: 6E333C7D
                                                                                                                • OpenMutexW.KERNEL32(00100000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 6E333CB1
                                                                                                                • CreateMutexW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 6E333CC0
                                                                                                                • GetLastError.KERNEL32 ref: 6E343E29
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Mutex$CountCreateCriticalErrorInitializeLastOpenSectionSpinmemset
                                                                                                                • String ID: Local\SqmLock_%s
                                                                                                                • API String ID: 435864437-4290917916
                                                                                                                • Opcode ID: 67219fbce7443167b556f9d613a2ff8ebebbc36977b03c651cea6b93588b11ff
                                                                                                                • Instruction ID: c4ac17602a75c48491b6d385eb5d0826aeb8106302e073b696731def7061cfd4
                                                                                                                • Opcode Fuzzy Hash: 67219fbce7443167b556f9d613a2ff8ebebbc36977b03c651cea6b93588b11ff
                                                                                                                • Instruction Fuzzy Hash: 3941D431900255EFDBA09FD5CD88F957BE9BF05344F6044A8E584EB260D772C988CFA1
                                                                                                                Function 6E33443B Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 58libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(SensApi.dll,00000000,?), ref: 6E334452
                                                                                                                • GetProcAddress.KERNEL32(00000000,IsNetworkAlive), ref: 6E334468
                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 6E33447F
                                                                                                                • GetLastError.KERNEL32 ref: 6E33F8D5
                                                                                                                • GetLastError.KERNEL32 ref: 6E33F912
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastLibrary$AddressFreeLoadProc
                                                                                                                • String ID: IsNetworkAlive$SensApi.dll
                                                                                                                • API String ID: 1529210728-555838347
                                                                                                                • Opcode ID: 042d8221ea01a922ab3af05e0c16461601b18684933f92d049680bbc52215032
                                                                                                                • Instruction ID: 173744984ddb8538be9fd0593c74e9825c025338bb24b71e91fe9cdfc8b50e01
                                                                                                                • Opcode Fuzzy Hash: 042d8221ea01a922ab3af05e0c16461601b18684933f92d049680bbc52215032
                                                                                                                • Instruction Fuzzy Hash: 8D11C2311406A2AFDB919FD9C988F893B9FBF46245F3002A0F924CB251D773C846CB61
                                                                                                                Function 6E332724 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 55libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(kernel32.dll,00000000,6E350180,?,6E33270F,00000000,?,6E3326C6,?,?,6E3319CB,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30), ref: 6E332732
                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 6E332748
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,6E33270F,00000000,?,6E3326C6,?,?,6E3319CB,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?), ref: 6E332761
                                                                                                                • GetLastError.KERNEL32(?,6E33270F,00000000,?,6E3326C6,?,?,6E3319CB,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?,?), ref: 6E33F9D0
                                                                                                                • GetLastError.KERNEL32(?,6E33270F,00000000,?,6E3326C6,?,?,6E3319CB,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?,?), ref: 6E33FA0D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastLibrary$AddressFreeLoadProc
                                                                                                                • String ID: IsWow64Process$kernel32.dll
                                                                                                                • API String ID: 1529210728-3024904723
                                                                                                                • Opcode ID: 91cfb55ea649ab290941ebc2bd15d8a2ec12e11923bd44300aef7ccbf14fa95f
                                                                                                                • Instruction ID: edd73914e3dc3c6de517de74e622a421de04024c3a950a7251bae9c2ae6fbfbe
                                                                                                                • Opcode Fuzzy Hash: 91cfb55ea649ab290941ebc2bd15d8a2ec12e11923bd44300aef7ccbf14fa95f
                                                                                                                • Instruction Fuzzy Hash: BC116531500696AFCB919ED5CE84E9A3B9EBF46355F210190F914CB263D733C854CFA1
                                                                                                                Function 640DEE95 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640DEE9C
                                                                                                                • FreeLibrary.KERNEL32(00000000,0000000C,640F5B81,?,?,?), ref: 640DEED4
                                                                                                                • LoadLibraryW.KERNEL32(?,0000000C,640F5B81,?,?,?), ref: 640DEEE8
                                                                                                                • GetLastError.KERNEL32(00000000), ref: 640DEF03
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640DEF35
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$ErrorException@8FreeH_prolog3LastLoadThrow
                                                                                                                • String ID: Dnd$LoadLibrary
                                                                                                                • API String ID: 3026435860-3412598151
                                                                                                                • Opcode ID: a9591fcfe885269e3141235da478878fedca029c4bcdcaa6d1e1a3be81b226db
                                                                                                                • Instruction ID: a4ed4a891161c61fc7562abb7e472839b2605f2c874c25a6a9584d513879a8c5
                                                                                                                • Opcode Fuzzy Hash: a9591fcfe885269e3141235da478878fedca029c4bcdcaa6d1e1a3be81b226db
                                                                                                                • Instruction Fuzzy Hash: A8114C71900729DFEB01DF68C98979DBBB4EF14318F04C164E8189F256CB74D919CBA1
                                                                                                                Function 6E33247C Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 36libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(advapi32,?,6E3319A1,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E332484
                                                                                                                • GetProcAddress.KERNEL32(00000000,TraceMessage), ref: 6E3324A1
                                                                                                                • GetProcAddress.KERNEL32(00000000,TraceMessageVa), ref: 6E3324C0
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,6E3319A1,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E3324D0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryProc$FreeLoad
                                                                                                                • String ID: TraceMessage$TraceMessageVa$advapi32
                                                                                                                • API String ID: 2256533930-3542275927
                                                                                                                • Opcode ID: 6a779791e705c9aa43f3986895a0cbabbc00b1bbca8601111cd92007505704ae
                                                                                                                • Instruction ID: 5f75dc5a6d033135db45661c4e80c85a26bfc4efdc4589b3cf1fddd92744856f
                                                                                                                • Opcode Fuzzy Hash: 6a779791e705c9aa43f3986895a0cbabbc00b1bbca8601111cd92007505704ae
                                                                                                                • Instruction Fuzzy Hash: 1CF03C71800BA2EBCB809BA9D984F563BAEBB82758B704259E508C7305E7328845DF60
                                                                                                                Function 640DE9B3 Relevance: 12.1, APIs: 8, Instructions: 109COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CallNextHookEx.USER32(?,00000005,?,?), ref: 640DE9CF
                                                                                                                • UnhookWindowsHookEx.USER32(?), ref: 640DE9FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Hook$CallNextUnhookWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 969045306-0
                                                                                                                • Opcode ID: b780676353ace87a7b6f2ef03b26bc2649cee2e67f6ce02da1a76f40d40ea2dd
                                                                                                                • Instruction ID: f446758ec5d79ebd66df98b24fc7bc6439130b4c4eea1dea1c1ffbcb9cd20bde
                                                                                                                • Opcode Fuzzy Hash: b780676353ace87a7b6f2ef03b26bc2649cee2e67f6ce02da1a76f40d40ea2dd
                                                                                                                • Instruction Fuzzy Hash: 5A414B31A00F1AEFDB10CF18C888BA9BBE5FF01719F108525F8659B1A0D735E958CB90
                                                                                                                Function 6E337B37 Relevance: 12.1, APIs: 1, Strings: 7, Instructions: 95COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E337B80
                                                                                                                  • Part of subcall function 6E333E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6E333E94
                                                                                                                  • Part of subcall function 6E333E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6E333EB0
                                                                                                                  • Part of subcall function 6E333E29: RegCloseKey.ADVAPI32(00000000), ref: 6E333ECE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValuememset
                                                                                                                • String ID: d3n$ $%s\%s$IsTest$MSFTInternal$Software\Microsoft\SQMClient$Software\Policies\Microsoft\SQMClient
                                                                                                                • API String ID: 1830152886-40133372
                                                                                                                • Opcode ID: 483897abdb7743b00652d9858bd92244f3923209f2328e602932141a0187cf4f
                                                                                                                • Instruction ID: 2e22cae646a0919f0350645dd3a06c4e7460bbbe51ed6e9a8c704942cb3a6b61
                                                                                                                • Opcode Fuzzy Hash: 483897abdb7743b00652d9858bd92244f3923209f2328e602932141a0187cf4f
                                                                                                                • Instruction Fuzzy Hash: 7731A1B194026DAADB50DA94CC88FDB77BCAF54308F7005E6A418E2291D7758F86CFA1
                                                                                                                Function 6E3317EB Relevance: 12.1, APIs: 8, Instructions: 65COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • malloc.MSVCRT ref: 6E3317F6
                                                                                                                • _callnewh.MSVCRT ref: 6E344473
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6E3444AC
                                                                                                                • _CxxThrowException.MSVCRT(00000001,6E34E290), ref: 6E3444BA
                                                                                                                • _callnewh.MSVCRT ref: 6E3444C3
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6E3444FC
                                                                                                                • _CxxThrowException.MSVCRT(00000001,6E34E290), ref: 6E34450A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionThrow_callnewhstd::bad_exception::bad_exception$malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2452255883-0
                                                                                                                • Opcode ID: 93f02b07cef364f48415e90a3863baba06ad438f1711b0237b190d505af8b900
                                                                                                                • Instruction ID: 870315f9dd307e5a425870e4a23f43c18520bf58c50af1a36dc43d0e5246756c
                                                                                                                • Opcode Fuzzy Hash: 93f02b07cef364f48415e90a3863baba06ad438f1711b0237b190d505af8b900
                                                                                                                • Instruction Fuzzy Hash: 1E11C23290821DEADF04ABE1DC009DD3BEDAF4025CF104864EC51A9254FF339A069A90
                                                                                                                Function 640DF4D6 Relevance: 12.0, APIs: 8, Instructions: 35COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?), ref: 640DF4E8
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 640DF4F3
                                                                                                                • GetDlgItem.USER32(?,?), ref: 640DF4FB
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 640DF500
                                                                                                                • GetDlgItem.USER32(?,?), ref: 640DF508
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 640DF50D
                                                                                                                • GetDlgItem.USER32(?,?), ref: 640DF515
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 640DF51A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnableItemWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3833022359-0
                                                                                                                • Opcode ID: 44e81387409dfb72438f36a78104a4ad0fb1d92dd607564793eb56ecc8ff54ca
                                                                                                                • Instruction ID: 18f34a94e4cce158eaaa9b87d9a36c5ad622b1db04be77d594061f4961a20607
                                                                                                                • Opcode Fuzzy Hash: 44e81387409dfb72438f36a78104a4ad0fb1d92dd607564793eb56ecc8ff54ca
                                                                                                                • Instruction Fuzzy Hash: 18F09E7254025877CF212FA6DC09F4B3E29EFC5750F154461FA049A060CA72D861DFE4
                                                                                                                Function 6E33A2A6 Relevance: 11.0, APIs: 5, Strings: 1, Instructions: 452fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6E331967: malloc.MSVCRT(?,6E350554), ref: 6E331979
                                                                                                                • CreateFileW.KERNEL32(6E33ACC8,C0000000,00000000,00000000,00000001,00000002,00002080,00000000,00000000,?,00000000,00000010,?,00000000,00000010,00000094), ref: 6E33A465
                                                                                                                • WriteFile.KERNEL32(000003E0,00000000,?,6E33ACC8,00000000,?,?), ref: 6E33A488
                                                                                                                • CloseHandle.KERNEL32(000003E0,?,?), ref: 6E33A4A8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CloseCreateHandleWritemalloc
                                                                                                                • String ID: x
                                                                                                                • API String ID: 4113784837-2363233923
                                                                                                                • Opcode ID: 8b14e05a74e33d57ec02ce8cdbbbf23d2077f2737edb1b9977ec9f382d0ecd8d
                                                                                                                • Instruction ID: 01a49da1dd15e2536d478f29f5b1574fbecc575123b393316b078a16cf6194de
                                                                                                                • Opcode Fuzzy Hash: 8b14e05a74e33d57ec02ce8cdbbbf23d2077f2737edb1b9977ec9f382d0ecd8d
                                                                                                                • Instruction Fuzzy Hash: 110269319402AAEFDF91CEC4C995FAD7BB6BF05314F2105A8E950AB761D332D981CB60
                                                                                                                Function 640E48B6 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 180COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E48BD
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640DD76F: __EH_prolog3.LIBCMT ref: 640DD776
                                                                                                                  • Part of subcall function 640E1F81: __EH_prolog3.LIBCMT ref: 640E1F88
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Drive1$Drive2$Drive3$Placement$Text
                                                                                                                • API String ID: 431132790-3260609399
                                                                                                                • Opcode ID: 4e81f39229145f0d0e305b4a1f5bb982c162bf3cc34ab76960fae2256244b50d
                                                                                                                • Instruction ID: 49f3d4f5b40e086ff7f305ca6b7774a60885b43b30180794067d3ae6f3ce8527
                                                                                                                • Opcode Fuzzy Hash: 4e81f39229145f0d0e305b4a1f5bb982c162bf3cc34ab76960fae2256244b50d
                                                                                                                • Instruction Fuzzy Hash: 9E712E7190015CEFEF00DBE8C944BEEBBB8AF19318F184198E554E7291DB74EA09DB61
                                                                                                                Function 640E7FE0 Relevance: 10.7, APIs: 7, Instructions: 175COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E7FE7
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • PathGetDriveNumberW.SHLWAPI(?,?,?,00000014,640E9180,?,?,?,?,?,?,?,?), ref: 640E8015
                                                                                                                • PathGetDriveNumberW.SHLWAPI(?), ref: 640E801C
                                                                                                                • PathGetDriveNumberW.SHLWAPI(?,?,?,?), ref: 640E8064
                                                                                                                • PathGetDriveNumberW.SHLWAPI(?), ref: 640E806B
                                                                                                                • PathGetDriveNumberW.SHLWAPI(00000001,00000001,?,?), ref: 640E80B3
                                                                                                                • PathGetDriveNumberW.SHLWAPI(?), ref: 640E80BA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DriveNumberPath$H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 2285536258-0
                                                                                                                • Opcode ID: f74528a6a64c1cb3d7c124ec126fddd960aaef5ab7fd9659ec5ec92b946ab159
                                                                                                                • Instruction ID: 5f344c3cd63682dba600d692da86ebfc49f9716e0a906e4a47c427a400a59f58
                                                                                                                • Opcode Fuzzy Hash: f74528a6a64c1cb3d7c124ec126fddd960aaef5ab7fd9659ec5ec92b946ab159
                                                                                                                • Instruction Fuzzy Hash: 1881FB75900219DFCB04CF68C88499DBBB5FF49338B29C599E858AB361C735E952CF90
                                                                                                                Function 640E4E46 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 170COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E4E4D
                                                                                                                  • Part of subcall function 640E396A: __EH_prolog3.LIBCMT ref: 640E3971
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E3AD4: __EH_prolog3.LIBCMT ref: 640E3ADB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: CreateLayout$Install$Repair$Uninstall$UninstallPatch
                                                                                                                • API String ID: 431132790-791770018
                                                                                                                • Opcode ID: eaafd754cb227e92c4b9a2d157c5bca5945e3d5ca394d4c43765e06a768c2c6e
                                                                                                                • Instruction ID: ee4ab93d1168d83c6208fd1e78509a7282b5083d2b6b9f75e4bee45e4e20eaac
                                                                                                                • Opcode Fuzzy Hash: eaafd754cb227e92c4b9a2d157c5bca5945e3d5ca394d4c43765e06a768c2c6e
                                                                                                                • Instruction Fuzzy Hash: 78715E71900659EFEB00CFB8CD44BEEBBF8AF09308F148559E459E7241DB74AA09DB61
                                                                                                                Function 6E33E1A5 Relevance: 10.7, APIs: 7, Instructions: 169threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetCurrentThread.KERNEL32 ref: 6E33E1F0
                                                                                                                • GetThreadPriority.KERNEL32(00000000,?,6E33BFF6,?,00000000,00000000,?,?,?,PUT,00000000,?,6E337AF4), ref: 6E33E1F3
                                                                                                                • GetCurrentThread.KERNEL32 ref: 6E33E201
                                                                                                                • SetThreadPriority.KERNEL32(00000000,?,6E33BFF6,?,00000000,00000000,?,?,?,PUT,00000000,?,6E337AF4), ref: 6E33E204
                                                                                                                • GetCurrentThread.KERNEL32 ref: 6E33E313
                                                                                                                • SetThreadPriority.KERNEL32(00000000,?,6E33BFF6,?,00000000,00000000,?,?,?,PUT,00000000,?,6E337AF4), ref: 6E33E31A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Thread$CurrentPriority
                                                                                                                • String ID:
                                                                                                                • API String ID: 1343868529-0
                                                                                                                • Opcode ID: 5124210069205a09dab66a9934c12b6f85a8595df6f40c3f8de8a06544dc006b
                                                                                                                • Instruction ID: e4508ad1b09518d335f84465b04beca0f1d86a11577647e8c04cf78a1b41ceaa
                                                                                                                • Opcode Fuzzy Hash: 5124210069205a09dab66a9934c12b6f85a8595df6f40c3f8de8a06544dc006b
                                                                                                                • Instruction Fuzzy Hash: EE519D349003A4DBDB608FA6C898EE9B7FABB49355F200099E589D7350C7B58EC4CF60
                                                                                                                Function 6E334197 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 147libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(Winhttp.dll), ref: 6E3341C6
                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 6E3341D5
                                                                                                                • EnterCriticalSection.KERNEL32(6E350168,?,?,?,?,?), ref: 6E3341F9
                                                                                                                  • Part of subcall function 6E334281: memset.MSVCRT ref: 6E3342CF
                                                                                                                  • Part of subcall function 6E334281: EnterCriticalSection.KERNEL32(00000030,?,00000104,?,80000002,Software\Microsoft\SQMClient,DoNotDeleteFileAfterUpload,?,00000000,?,6E350168), ref: 6E33434C
                                                                                                                  • Part of subcall function 6E334281: FindFirstFileW.KERNEL32(?,?,?,6E350168), ref: 6E334392
                                                                                                                  • Part of subcall function 6E334281: LeaveCriticalSection.KERNEL32(?,?,6E350168), ref: 6E3343CD
                                                                                                                • LeaveCriticalSection.KERNEL32(6E350168,?,?,?,?,?,?,00000000,?,?,?,?,?), ref: 6E33424A
                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?), ref: 6E334253
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeaveLibrary$ErrorFileFindFirstFreeLastLoadmemset
                                                                                                                • String ID: Winhttp.dll
                                                                                                                • API String ID: 4214541343-1936088768
                                                                                                                • Opcode ID: 2ec954c2d02d1cfb1bea8b17dfb1e76ee6cdf6964948f2610629cbd7bf07845c
                                                                                                                • Instruction ID: 277c7b399648ad8fb6d1853426880a07abf6abf5de7e1ccbc6aa4cde4a811bf2
                                                                                                                • Opcode Fuzzy Hash: 2ec954c2d02d1cfb1bea8b17dfb1e76ee6cdf6964948f2610629cbd7bf07845c
                                                                                                                • Instruction Fuzzy Hash: 1D5199315447A1EBCB929FD68C94F993AAAAF41348F3104A5F964EA2A1D377C8918F10
                                                                                                                Function 6E33583D Relevance: 10.6, APIs: 7, Instructions: 126COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetTempPathW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6E335875
                                                                                                                • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 6E3358A7
                                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000,00000000), ref: 6E342890
                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000012,6E345B28,00000000), ref: 6E3428C6
                                                                                                                • GetLastError.KERNEL32 ref: 6E3428D1
                                                                                                                • GetLastError.KERNEL32 ref: 6E34294D
                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000011,6E345B28,00000000), ref: 6E342967
                                                                                                                  • Part of subcall function 6E3358E8: GetFileAttributesW.KERNEL32(6E335892,?,6E335892,00000000), ref: 6E3358F0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$Path$AttributesCreateDirectoryFileLongNameTemp
                                                                                                                • String ID:
                                                                                                                • API String ID: 4207547965-0
                                                                                                                • Opcode ID: 3b93b98dcb30f0cddfa8843d42b5e217257dbcb7601a5a597d344f0e1add7a2e
                                                                                                                • Instruction ID: d429d7d869f933684dd5a73f26787bd7b55b41ce1715f2230f0e25a7e73e5b05
                                                                                                                • Opcode Fuzzy Hash: 3b93b98dcb30f0cddfa8843d42b5e217257dbcb7601a5a597d344f0e1add7a2e
                                                                                                                • Instruction Fuzzy Hash: C141E231640255FBCBA19FD58E58F9A3BE9AF09344F210890F854EB261D762C894CFA1
                                                                                                                Function 6E34853A Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 110COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E348568
                                                                                                                  • Part of subcall function 6E348316: LocalFree.KERNEL32(?), ref: 6E348527
                                                                                                                  • Part of subcall function 6E348097: memset.MSVCRT ref: 6E3480D6
                                                                                                                  • Part of subcall function 6E348097: memset.MSVCRT ref: 6E3480EF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$FreeLocal
                                                                                                                • String ID: *.psqm$*.sqm$CabSessionAfterSize$Microsoft\Windows\Sqm\Sessions$Microsoft\Windows\Sqm\Upload$Software\Microsoft\SQMClient\Windows
                                                                                                                • API String ID: 1741899810-2150350095
                                                                                                                • Opcode ID: 58f0dcf042d28de346b5f78422a843bcfb7fbb0b53dcfe8f40a6ab2a389b99da
                                                                                                                • Instruction ID: c04e3c6bb824381930ab122fe04b347d9beeff34304afea77031ab5861cb7146
                                                                                                                • Opcode Fuzzy Hash: 58f0dcf042d28de346b5f78422a843bcfb7fbb0b53dcfe8f40a6ab2a389b99da
                                                                                                                • Instruction Fuzzy Hash: FA31F635A00305EACB819AD49CE4FAA37ED9B4530CF2608A8F715DB351D36BC8558FD1
                                                                                                                Function 640E1C23 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 99COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetWindowTextW.USER32(?,640D79E4), ref: 640E1C97
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E1C2A
                                                                                                                  • Part of subcall function 640F4870: __EH_prolog3.LIBCMT ref: 640F4877
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$TextWindow
                                                                                                                • String ID: %1.$IDS_CANCELLING$IDS_PLEASE_WAIT$User Cancelled!
                                                                                                                • API String ID: 1938513527-756668064
                                                                                                                • Opcode ID: 8747836078042cf199069e5e04d853e62fc34a279908969b1b6c7f3aa094775d
                                                                                                                • Instruction ID: 737b64b158e87645ec3f698315ba8eb2a2c13f7320feda1d1f9cf28b0e91ac37
                                                                                                                • Opcode Fuzzy Hash: 8747836078042cf199069e5e04d853e62fc34a279908969b1b6c7f3aa094775d
                                                                                                                • Instruction Fuzzy Hash: 56416E719042299FEF00DFA4CC80BED7BB5BF4631CF1841A5E814AF2A6CB709955CB61
                                                                                                                Function 6E339C65 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 6E339CB8
                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 6E339CEB
                                                                                                                • InterlockedCompareExchange.KERNEL32(00000000,00000000,00000000), ref: 6E339D02
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressCompareExchangeInterlockedLibraryLoadProc
                                                                                                                • String ID: $
                                                                                                                • API String ID: 792202920-3993045852
                                                                                                                • Opcode ID: c23fa066f3bd83343f35427fb54d730779cc35cbe23762267d9ad908af11563b
                                                                                                                • Instruction ID: 9defad74918f15cde48528105116f5e65554b1993202a2450a2b10f836deed69
                                                                                                                • Opcode Fuzzy Hash: c23fa066f3bd83343f35427fb54d730779cc35cbe23762267d9ad908af11563b
                                                                                                                • Instruction Fuzzy Hash: 0C31C076A00654EFDB11CF99C884F99BBF9FF48311F308029E815AB244DB71EA44CB60
                                                                                                                Function 640EF6DE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memset$H_prolog3_Version
                                                                                                                • String ID: Z$rtf
                                                                                                                • API String ID: 3297208538-589749439
                                                                                                                • Opcode ID: cd588e83534470731f0aaa1a6ea069acc7d65a1eeea36b85287acc9cc5e5628b
                                                                                                                • Instruction ID: 2f5864c4cbfc87f15e85c9d7034c1ee5289de69bb568dd739de5b7a1da157fc0
                                                                                                                • Opcode Fuzzy Hash: cd588e83534470731f0aaa1a6ea069acc7d65a1eeea36b85287acc9cc5e5628b
                                                                                                                • Instruction Fuzzy Hash: 033149B09007249FEB61CF64C840BAAB7F4FF0C704F00496EE98A97640E770A658CF55
                                                                                                                Function 6E333292 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 6E33329D
                                                                                                                • VirtualFree.KERNEL32(?,?,00004000,00000000,?,6E333279,?,6E333238,00000000,?,?,00000000,00000000,?), ref: 6E33B502
                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000,?,6E333279,?,6E333238,00000000,?,?,00000000,00000000,?), ref: 6E33B511
                                                                                                                • ctype.LIBCPMT ref: 6E33B52F
                                                                                                                • ctype.LIBCPMT ref: 6E33B549
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeVirtualctype$DecrementInterlocked
                                                                                                                • String ID:
                                                                                                                • API String ID: 2528146720-0
                                                                                                                • Opcode ID: f6c7de211a2a6e1859e2712b5e8de7b328268cee00f197f916bac10563d8a0f9
                                                                                                                • Instruction ID: 526b6770db054014246dcd2b23f941ab12445607acecd4dd9fad173b89436212
                                                                                                                • Opcode Fuzzy Hash: f6c7de211a2a6e1859e2712b5e8de7b328268cee00f197f916bac10563d8a0f9
                                                                                                                • Instruction Fuzzy Hash: 86116D71600A96AFEB609F95C894E9AB7FCEF44344F30882DE19AD7144CB71AD45CB60
                                                                                                                Function 640E30B1 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640F6041: __EH_prolog3.LIBCMT ref: 640F6048
                                                                                                                  • Part of subcall function 640F6041: GetCommandLineW.KERNEL32(0000001C,640E30C2,?), ref: 640F604D
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?), ref: 640E3136
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CommandExceptionH_prolog3LineRaise
                                                                                                                • String ID: CreateLayout$Install$Repair$Uninstall$UninstallPatch
                                                                                                                • API String ID: 683617612-791770018
                                                                                                                • Opcode ID: 2c2448fc11eb28c6664f7df0fb13836cfd34b7a14fa0d4e4a0c8209ecd195c20
                                                                                                                • Instruction ID: 72741130e3d2c09a319d0a5c54326859d9d4a766e9bffaca690cf83422d19b01
                                                                                                                • Opcode Fuzzy Hash: 2c2448fc11eb28c6664f7df0fb13836cfd34b7a14fa0d4e4a0c8209ecd195c20
                                                                                                                • Instruction Fuzzy Hash: 2E012832304679AFDE30DB5DC810F6ABE999B88378F558421EA148B960CB32E826C251
                                                                                                                Function 640EB6A5 Relevance: 10.5, APIs: 7, Instructions: 44windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640DE389: GetParent.USER32 ref: 640DE390
                                                                                                                  • Part of subcall function 640DE389: PostMessageW.USER32(00000000,00000470,00000000,?), ref: 640DE3A1
                                                                                                                  • Part of subcall function 640DE36B: GetParent.USER32(?), ref: 640DE36D
                                                                                                                  • Part of subcall function 640DE36B: SendMessageW.USER32(00000000,0000046B,00000000,00000000), ref: 640DE37D
                                                                                                                • GetParent.USER32(00000069), ref: 640EB6D1
                                                                                                                • GetSystemMenu.USER32(00000000,00000000,0000F060,00000000,?,?,00000000,640F20A8,00000001,?,640F2023,?,000006F5,?,?,?), ref: 640EB6DD
                                                                                                                • EnableMenuItem.USER32(00000000), ref: 640EB6E4
                                                                                                                • SetWindowLongW.USER32(00000069,000000F4,00000069), ref: 640EB6F0
                                                                                                                • GetParent.USER32(00000069), ref: 640EB6FB
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 640EB6FF
                                                                                                                • PostMessageW.USER32(00000069,000006F5,00000000,00000000), ref: 640EB710
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Parent$Message$MenuPostWindow$EnableItemLongSendSystemText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2729316450-0
                                                                                                                • Opcode ID: d22baaea4955c405cd9b3e1ef13533bc285014278c945acede3e9ddbeb94aaff
                                                                                                                • Instruction ID: 59ac42f59f46bbe528bdadab315045fbf38044d974102526b0c0e21f001a636f
                                                                                                                • Opcode Fuzzy Hash: d22baaea4955c405cd9b3e1ef13533bc285014278c945acede3e9ddbeb94aaff
                                                                                                                • Instruction Fuzzy Hash: 75016D75244620BFEB205FA5CC48F29BF69EB49B54F200424F644DB590CB72A8258B84
                                                                                                                Function 640F4ECE Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F4ED5
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Eula$None$Progress Page$SystemRequirement$Welcome
                                                                                                                • API String ID: 431132790-1170989405
                                                                                                                • Opcode ID: 8de10a20b00e2db0360927971eb4ca3f4cf4e29cebb26f5f1558dc766a01ef91
                                                                                                                • Instruction ID: ef914b6f09271e52d37d2785a845549003a746b32685b7f52048f7fbc8fde623
                                                                                                                • Opcode Fuzzy Hash: 8de10a20b00e2db0360927971eb4ca3f4cf4e29cebb26f5f1558dc766a01ef91
                                                                                                                • Instruction Fuzzy Hash: 3A012DB260123497AB40DF588DC036DB291AFB56387658522ED18DF310C770DD4BD782
                                                                                                                Function 6410288F Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __getptd.LIBCMT ref: 641028B0
                                                                                                                  • Part of subcall function 640F9BE0: __getptd_noexit.LIBCMT ref: 640F9BE3
                                                                                                                  • Part of subcall function 640F9BE0: __amsg_exit.LIBCMT ref: 640F9BF0
                                                                                                                • __getptd.LIBCMT ref: 641028C1
                                                                                                                • __getptd.LIBCMT ref: 641028CF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                • String ID: MOC$RCC$csm
                                                                                                                • API String ID: 803148776-2671469338
                                                                                                                • Opcode ID: c95cb452513ca19a93679836afc226ef36163cfd16b51e0311ae908c2184dada
                                                                                                                • Instruction ID: b6b641ddd253d5e9ab1925bb01205d250471133f274eb6b871b7517d6a2ce4b9
                                                                                                                • Opcode Fuzzy Hash: c95cb452513ca19a93679836afc226ef36163cfd16b51e0311ae908c2184dada
                                                                                                                • Instruction Fuzzy Hash: 48E0ED381681188ED720AB64C59979833D4BB54718F6544F2D80C87222CB34A8918A52
                                                                                                                Function 640F849B Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 17libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(kernel32.dll,?,640F84EB), ref: 640F84AA
                                                                                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 640F84C1
                                                                                                                • GetProcAddress.KERNEL32(DecodePointer), ref: 640F84D3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                • String ID: DecodePointer$EncodePointer$kernel32.dll
                                                                                                                • API String ID: 2238633743-1525541703
                                                                                                                • Opcode ID: 9ed926ce2a5d7394f879ec7e3388b94cd584ec0adc88ead668a2660db7cdd21c
                                                                                                                • Instruction ID: 521e623f4f228be6f0c73085c4ef39d6c754c2f6c7bfb8c385305fd63f52dee0
                                                                                                                • Opcode Fuzzy Hash: 9ed926ce2a5d7394f879ec7e3388b94cd584ec0adc88ead668a2660db7cdd21c
                                                                                                                • Instruction Fuzzy Hash: 65E0EC768183369BCF00EFA69949FC63EA4F74B250F014026E814A3544C7341045DF91
                                                                                                                Function 6E3382AD Relevance: 9.2, APIs: 6, Instructions: 214COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E3382E7
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 6E3382F8
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6E338324
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 6E340D27
                                                                                                                • ctype.LIBCPMT ref: 6E340D8E
                                                                                                                  • Part of subcall function 6E337C62: memmove.MSVCRT(?,?,?,?,?,6E338320,00000000), ref: 6E337C93
                                                                                                                  • Part of subcall function 6E33E3B3: EnterCriticalSection.KERNEL32(?,?,00000000,6E3383DB,?), ref: 6E33E3BD
                                                                                                                  • Part of subcall function 6E33E3B3: ctype.LIBCPMT ref: 6E33E3CC
                                                                                                                  • Part of subcall function 6E33E3B3: LeaveCriticalSection.KERNEL32(?,?,00000000,6E3383DB,?), ref: 6E33E3EC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeavectype$ExceptionRaisememmovememset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1998214256-0
                                                                                                                • Opcode ID: 4754009f009c2c593a10f63aef98c3462565632d84ae6230a2bf630205f545dd
                                                                                                                • Instruction ID: d65616fb42f7c8a47348b37a4319ecb3299db61f4526199cbf7909cb5e640a73
                                                                                                                • Opcode Fuzzy Hash: 4754009f009c2c593a10f63aef98c3462565632d84ae6230a2bf630205f545dd
                                                                                                                • Instruction Fuzzy Hash: A981AC34200744DFDB94DFE4C894F967BEABF4A308F2044A8E6558B6A0E732E949CF51
                                                                                                                Function 6E348316 Relevance: 9.2, APIs: 6, Instructions: 161COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?,00000000,?,?), ref: 6E348442
                                                                                                                • GetSecurityDescriptorOwner.ADVAPI32(?,?,?), ref: 6E348464
                                                                                                                • GetLastError.KERNEL32 ref: 6E348488
                                                                                                                • SetNamedSecurityInfoW.ADVAPI32(00000001,00000001,80000005,?,00000000,?,00000000), ref: 6E3484B5
                                                                                                                • GetLastError.KERNEL32 ref: 6E3484FE
                                                                                                                • LocalFree.KERNEL32(?), ref: 6E348527
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Security$DescriptorErrorLast$DaclFreeInfoLocalNamedOwner
                                                                                                                • String ID:
                                                                                                                • API String ID: 442303658-0
                                                                                                                • Opcode ID: b4e658f5752eeca82d33a5d2a2a296a557a7988782db557579f48967882bce6a
                                                                                                                • Instruction ID: 510d32a265138f643ce6360ebd07b8004734045243beb88fcd12b084da82c97d
                                                                                                                • Opcode Fuzzy Hash: b4e658f5752eeca82d33a5d2a2a296a557a7988782db557579f48967882bce6a
                                                                                                                • Instruction Fuzzy Hash: 5A515E35954649EBCB928ED4CC84FAA3BFABF05315F204095FA14AB261D372CA94CFD1
                                                                                                                Function 640E7C58 Relevance: 9.1, APIs: 6, Instructions: 140threadwindowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E7C5F
                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 640E7C71
                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 640E7C77
                                                                                                                • GetWindowTextW.USER32(?,00000010,?), ref: 640E7CF6
                                                                                                                • IsWindowVisible.USER32(?), ref: 640E7D1D
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?,?,?), ref: 640E7DF3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Process$CurrentExceptionH_prolog3RaiseTextThreadVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 905677211-0
                                                                                                                • Opcode ID: 00a8580a2acb5b0e886406d4eb329ea292c96379f0e877d12aedef87a46f3029
                                                                                                                • Instruction ID: 18e1477fbb078a0d2e2f6967acc47e2eccc2155d50a135171684b579daf633fc
                                                                                                                • Opcode Fuzzy Hash: 00a8580a2acb5b0e886406d4eb329ea292c96379f0e877d12aedef87a46f3029
                                                                                                                • Instruction Fuzzy Hash: B4514B7190412AEFDF04DFA4C984BEEBBB5FF04358F10816AE915AB151D730DA65CBA0
                                                                                                                Function 6E338067 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 101COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E338097
                                                                                                                  • Part of subcall function 6E3318E5: _vsnwprintf.MSVCRT ref: 6E331913
                                                                                                                  • Part of subcall function 6E333E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6E333E94
                                                                                                                  • Part of subcall function 6E333E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6E333EB0
                                                                                                                  • Part of subcall function 6E333E29: RegCloseKey.ADVAPI32(00000000), ref: 6E333ECE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue_vsnwprintfmemset
                                                                                                                • String ID: d3n$%s\%s$Software\Microsoft\SQMClient$Software\Policies\Microsoft\SQMClient$StudyId
                                                                                                                • API String ID: 908408749-2379614845
                                                                                                                • Opcode ID: d4e9a65ff6fe5a5236347ec2992140512dd4834a7cbcba14c25521fd0f562abb
                                                                                                                • Instruction ID: 6b185829bf18421aaae42874ad6eb191683ce37aedba6db63a61b836099f943e
                                                                                                                • Opcode Fuzzy Hash: d4e9a65ff6fe5a5236347ec2992140512dd4834a7cbcba14c25521fd0f562abb
                                                                                                                • Instruction Fuzzy Hash: 5D31D9B1D012E9BAD750DAD5CC94FE677ACAF11348F700499E914DB292D3B2CA84CF61
                                                                                                                Function 6E3381BC Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 87COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E3381EC
                                                                                                                  • Part of subcall function 6E3318E5: _vsnwprintf.MSVCRT ref: 6E331913
                                                                                                                  • Part of subcall function 6E333E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6E333E94
                                                                                                                  • Part of subcall function 6E333E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6E333EB0
                                                                                                                  • Part of subcall function 6E333E29: RegCloseKey.ADVAPI32(00000000), ref: 6E333ECE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue_vsnwprintfmemset
                                                                                                                • String ID: d3n$d3n$%s\%s$CabSessionAfterSize$Software\Microsoft\SQMClient
                                                                                                                • API String ID: 908408749-1794598311
                                                                                                                • Opcode ID: 51891fad798edabd0c29dd65b1475ff0fba74827506c1b6d84dae8705241f2f6
                                                                                                                • Instruction ID: 75bae63a03385af3dfd723967ff3a73d99cfe52c8fb3d7b54f8aa3de50cde6cb
                                                                                                                • Opcode Fuzzy Hash: 51891fad798edabd0c29dd65b1475ff0fba74827506c1b6d84dae8705241f2f6
                                                                                                                • Instruction Fuzzy Hash: 4831C1759046A8AFCB61DED5CC84FDA77AEBF41308F700495E914EB291D3B2C9848B51
                                                                                                                Function 6E3387B7 Relevance: 9.1, APIs: 6, Instructions: 73COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 6E3387CF
                                                                                                                • MsgWaitForMultipleObjects.USER32(?,?,00000000,?,000004FF), ref: 6E3387F9
                                                                                                                • GetTickCount.KERNEL32 ref: 6E33880B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$MultipleObjectsWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 459475419-0
                                                                                                                • Opcode ID: efcc6b01945ac0a6c91eb4597eafd9cad200a586399d4c0e7c3e93fde2fbd7d0
                                                                                                                • Instruction ID: e6d70e97578fb87b28690ab47ac16699da84f822a9edad8d5fa25ac384683cd5
                                                                                                                • Opcode Fuzzy Hash: efcc6b01945ac0a6c91eb4597eafd9cad200a586399d4c0e7c3e93fde2fbd7d0
                                                                                                                • Instruction Fuzzy Hash: 55211B7190069AEFDF10DFE5C885EDE7BB9AB05354F308051EA14E6190C732EA95DFA0
                                                                                                                Function 6E34A55E Relevance: 9.1, APIs: 6, Instructions: 73registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,?), ref: 6E34A581
                                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 6E34A5A7
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 6E34A5B9
                                                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,?), ref: 6E34A5CC
                                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 6E34A5EB
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 6E34A5FC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3677997916-0
                                                                                                                • Opcode ID: 7546fda0597a5f60d4ce9138e4d5c264edeabf979626feb3d3468bc40a2224dc
                                                                                                                • Instruction ID: 651c915101e1e4fb10b302eaa35d9632a198376b87a01d6c4618a72a248e867a
                                                                                                                • Opcode Fuzzy Hash: 7546fda0597a5f60d4ce9138e4d5c264edeabf979626feb3d3468bc40a2224dc
                                                                                                                • Instruction Fuzzy Hash: 5721F0B6800249FBDF11CF91DD84DDF7BBDEB84714F1081A6BA14A6120E732DA58DB60
                                                                                                                Function 6E348C6C Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,6E33F4D9,00000001,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E348CAC
                                                                                                                • CloseHandle.KERNEL32(?,?,6E33F4D9,00000001,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E348CC0
                                                                                                                • CloseHandle.KERNEL32(?,?,6E33F4D9,00000001,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E348CCD
                                                                                                                • CloseHandle.KERNEL32(?,?,6E33F4D9,00000001,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E348CDA
                                                                                                                • DeleteCriticalSection.KERNEL32(?,?,6E33F4D9,00000001,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E348CE3
                                                                                                                • EnterCriticalSection.KERNEL32(?,00000004,6E34630E,6E350168,?,6E33F4D9,00000001,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E348C93
                                                                                                                  • Part of subcall function 6E348958: free.MSVCRT ref: 6E348964
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCriticalHandleSection$DeleteEnterLeavefree
                                                                                                                • String ID:
                                                                                                                • API String ID: 2998865046-0
                                                                                                                • Opcode ID: ab4db959a0346b545d04cc5dd58991c17e79251687133592258a365f19f73eac
                                                                                                                • Instruction ID: 0dcf3458ea9bb5bc9a8fbde13da4c1e7adee6c0097645c9627bfff899afc751e
                                                                                                                • Opcode Fuzzy Hash: ab4db959a0346b545d04cc5dd58991c17e79251687133592258a365f19f73eac
                                                                                                                • Instruction Fuzzy Hash: 0F11D375501B55CBCB60EFA9C9948AAF7F8BF14304BA00C2DE282D3A50DB75E949CB91
                                                                                                                Function 640F3D2E Relevance: 9.0, APIs: 6, Instructions: 49windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F3D35
                                                                                                                • SetWindowLongW.USER32(?,000000F4,00000065), ref: 640F3D49
                                                                                                                  • Part of subcall function 640DFF14: EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 640DFF21
                                                                                                                • GetParent.USER32(?), ref: 640F3D85
                                                                                                                • SendMessageW.USER32(00000000,00000485,00000000,00000065), ref: 640F3D90
                                                                                                                • GetParent.USER32(?), ref: 640F3D9D
                                                                                                                • GetDesktopWindow.USER32 ref: 640F3DA2
                                                                                                                  • Part of subcall function 640F8E26: HeapFree.KERNEL32(00000000,00000000,?,640F9BCC,00000000,?,640FB575,640F9054), ref: 640F8E3C
                                                                                                                  • Part of subcall function 640F8E26: GetLastError.KERNEL32(00000000,?,640F9BCC,00000000,?,640FB575,640F9054), ref: 640F8E4E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ParentWindow$ChildDesktopEnumErrorFreeH_prolog3HeapLastLongMessageSendWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 1093383602-0
                                                                                                                • Opcode ID: fab65fcdc8a068978544e3a4286c70d789973ee6555421953b5e595202b6c801
                                                                                                                • Instruction ID: bd9012b7bb6cb46754f0e77e72ead09b81c2bcca46084c9634c4a7c4b9887805
                                                                                                                • Opcode Fuzzy Hash: fab65fcdc8a068978544e3a4286c70d789973ee6555421953b5e595202b6c801
                                                                                                                • Instruction Fuzzy Hash: F9115A74A00614DBDB109FA5CC88A9EFBF4FF89704B10852AE925EB290DB319905CB50
                                                                                                                Function 640F3FCE Relevance: 9.0, APIs: 6, Instructions: 49windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F3FD5
                                                                                                                • SetWindowLongW.USER32(?,000000F4,00000067), ref: 640F3FE9
                                                                                                                  • Part of subcall function 640DFF14: EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 640DFF21
                                                                                                                • GetParent.USER32(?), ref: 640F4025
                                                                                                                • SendMessageW.USER32(00000000,00000485,00000000,00000067), ref: 640F4030
                                                                                                                • GetParent.USER32(?), ref: 640F403D
                                                                                                                • GetDesktopWindow.USER32 ref: 640F4042
                                                                                                                  • Part of subcall function 640F8E26: HeapFree.KERNEL32(00000000,00000000,?,640F9BCC,00000000,?,640FB575,640F9054), ref: 640F8E3C
                                                                                                                  • Part of subcall function 640F8E26: GetLastError.KERNEL32(00000000,?,640F9BCC,00000000,?,640FB575,640F9054), ref: 640F8E4E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ParentWindow$ChildDesktopEnumErrorFreeH_prolog3HeapLastLongMessageSendWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 1093383602-0
                                                                                                                • Opcode ID: a98f5d0ae94553f8c70d38a33a050e4653ba0500c1c1e5fbc5d6cae13c1e0231
                                                                                                                • Instruction ID: 9716c849b0451fdbe5f2b6059473d4875484b4b782ece69ce65d801866fcbfbe
                                                                                                                • Opcode Fuzzy Hash: a98f5d0ae94553f8c70d38a33a050e4653ba0500c1c1e5fbc5d6cae13c1e0231
                                                                                                                • Instruction Fuzzy Hash: 7B115A74A04214DBDB109FA5CD84AAEBBF4FF99708B10852AE965EB290DB359901CB50
                                                                                                                Function 640F4100 Relevance: 9.0, APIs: 6, Instructions: 49windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F4107
                                                                                                                • SetWindowLongW.USER32(?,000000F4,0000006A), ref: 640F411B
                                                                                                                  • Part of subcall function 640DFF14: EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 640DFF21
                                                                                                                • GetParent.USER32(?), ref: 640F4157
                                                                                                                • SendMessageW.USER32(00000000,00000485,00000000,0000006A), ref: 640F4162
                                                                                                                • GetParent.USER32(?), ref: 640F416F
                                                                                                                • GetDesktopWindow.USER32 ref: 640F4174
                                                                                                                  • Part of subcall function 640F8E26: HeapFree.KERNEL32(00000000,00000000,?,640F9BCC,00000000,?,640FB575,640F9054), ref: 640F8E3C
                                                                                                                  • Part of subcall function 640F8E26: GetLastError.KERNEL32(00000000,?,640F9BCC,00000000,?,640FB575,640F9054), ref: 640F8E4E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ParentWindow$ChildDesktopEnumErrorFreeH_prolog3HeapLastLongMessageSendWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 1093383602-0
                                                                                                                • Opcode ID: 645af03c3f912ffab9f335c55a84398134a5651e7c4ff90b7d7663e516b2f703
                                                                                                                • Instruction ID: 246d1f28e9f521c08b29e0b9de0c79a337d63f2ebc92de526acac8cb00b811f8
                                                                                                                • Opcode Fuzzy Hash: 645af03c3f912ffab9f335c55a84398134a5651e7c4ff90b7d7663e516b2f703
                                                                                                                • Instruction Fuzzy Hash: 0B115A74A00328DBDB00DFA5CD84A9EBBF5FF99704B10852AE825EB2A0DB319901CB50
                                                                                                                Function 6E331E75 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(6E350168,00000000,6E331E21,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E331E8E
                                                                                                                • ctype.LIBCPMT ref: 6E331EA0
                                                                                                                • LeaveCriticalSection.KERNEL32(6E350168,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E331EC2
                                                                                                                • DeleteCriticalSection.KERNEL32(6E350168,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E331EC9
                                                                                                                • SetLastError.KERNEL32(1000010A,6E331E21,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E33F4C9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$DeleteEnterErrorLastLeavectype
                                                                                                                • String ID:
                                                                                                                • API String ID: 1588575130-0
                                                                                                                • Opcode ID: 40a8d926615c7866dad96ed651ed94b3bdd6428dca5856990853c33ed6c93870
                                                                                                                • Instruction ID: 745174bf9834719216f737a9fdf30af7d72701ece2f2cf10c027559d83d7b06f
                                                                                                                • Opcode Fuzzy Hash: 40a8d926615c7866dad96ed651ed94b3bdd6428dca5856990853c33ed6c93870
                                                                                                                • Instruction Fuzzy Hash: 1101D434111A90AFDB909BA0C854FDA37ADAF0231EF700498E885D6291D7778048CF51
                                                                                                                Function 6E33C385 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 157timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,6E350088,?,00000000), ref: 6E343335
                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 6E343351
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$ErrorFileLastSystem
                                                                                                                • String ID: If-Modified-Since:%s
                                                                                                                • API String ID: 2781989572-880471301
                                                                                                                • Opcode ID: bcd76d296bd1d512ab8e6bc48ebc1c821778d19399f271015f1cffda791f8a81
                                                                                                                • Instruction ID: a7cf640e7d9e6d01b6cd14fb34bf572e9a2262cdc34f795c0d5f4a7ff4da581d
                                                                                                                • Opcode Fuzzy Hash: bcd76d296bd1d512ab8e6bc48ebc1c821778d19399f271015f1cffda791f8a81
                                                                                                                • Instruction Fuzzy Hash: 8E51BF32A4026A9BCB519ED5CC98FEAB7BDFF08704F5004A9E515DB250EB76C944CFA0
                                                                                                                Function 640E8CD7 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 154windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E8CDE
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640F127A: __EH_prolog3.LIBCMT ref: 640F1281
                                                                                                                  • Part of subcall function 640F1360: GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,Action,6410FE10,?,?,?,74402FA0,Action,?,00000000), ref: 640F1395
                                                                                                                  • Part of subcall function 640F1360: GetLastError.KERNEL32(?,?,?,74402FA0,Action,?,00000000), ref: 640F13A5
                                                                                                                • SendMessageW.USER32(00000006,00000170,?,00000000), ref: 640E8E7C
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 640E8E8E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$DiskErrorFreeLastMessageSendSpaceTextWindow
                                                                                                                • String ID: %1!I64u!$< 1
                                                                                                                • API String ID: 3840077912-3199623825
                                                                                                                • Opcode ID: 0f73b0d07f513b6f52968e159e39a58daeb4e95a2fcd7241be3a595245a52927
                                                                                                                • Instruction ID: 82d027929bf191318f34ed362685beb203dfb684665ed218ec3b375c670e224d
                                                                                                                • Opcode Fuzzy Hash: 0f73b0d07f513b6f52968e159e39a58daeb4e95a2fcd7241be3a595245a52927
                                                                                                                • Instruction Fuzzy Hash: 48515E72A002199FDF00DFA8C944BEEBBB4EF05318F144464E914AB392DB30EE15CBA1
                                                                                                                Function 640E45DE Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 153COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E45E5
                                                                                                                  • Part of subcall function 640E3AD4: __EH_prolog3.LIBCMT ref: 640E3ADB
                                                                                                                  • Part of subcall function 640E396A: __EH_prolog3.LIBCMT ref: 640E3971
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E40EA: __EH_prolog3.LIBCMT ref: 640E40F1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: LicenseTermsCheckbox$PrintButton$SaveButton$UserExperienceDataCollection
                                                                                                                • API String ID: 431132790-2575726183
                                                                                                                • Opcode ID: 8b275a9a9effc04eb27c9f792b83a9b44e5e87d7ffabf2cb053d84d97e8217ce
                                                                                                                • Instruction ID: c64ae2c9a719b9251af614ff0e234d478322481790e021ee68959934fcd48678
                                                                                                                • Opcode Fuzzy Hash: 8b275a9a9effc04eb27c9f792b83a9b44e5e87d7ffabf2cb053d84d97e8217ce
                                                                                                                • Instruction Fuzzy Hash: 9C516F7190025CEFEB01DFA8C840BDEBBB8AF1931CF148459E454E7241D734EA19DB61
                                                                                                                Function 6E33B5FC Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 133COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LocalFree.KERNEL32(?,?), ref: 6E33B6DB
                                                                                                                  • Part of subcall function 6E333679: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,6E33332F,?), ref: 6E333683
                                                                                                                  • Part of subcall function 6E333679: OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,?,?,6E33332F,?), ref: 6E3336B3
                                                                                                                  • Part of subcall function 6E333679: ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 6E3336D5
                                                                                                                  • Part of subcall function 6E333679: CloseHandle.KERNEL32(?,?,00000001,?,?,?,?,6E33332F,?), ref: 6E3336E0
                                                                                                                  • Part of subcall function 6E331967: malloc.MSVCRT(?,6E350554), ref: 6E331979
                                                                                                                  • Part of subcall function 6E3318E5: _vsnwprintf.MSVCRT ref: 6E331913
                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(00000000,00000001,?,00000000), ref: 6E33B6BD
                                                                                                                Strings
                                                                                                                • O:%sD:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GA;;;%s), xrefs: 6E33B686
                                                                                                                • O:%sD:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA), xrefs: 6E33FDB8
                                                                                                                • (A;OICI;GA;;;LS), xrefs: 6E33B6A2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ConvertDescriptorProcessSecurityString$CloseCurrentFreeHandleLocalOpenToken_vsnwprintfmalloc
                                                                                                                • String ID: (A;OICI;GA;;;LS)$O:%sD:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)$O:%sD:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GA;;;%s)
                                                                                                                • API String ID: 4054149472-2141982788
                                                                                                                • Opcode ID: 2930b3f7736875c24c885881b28f30121f204efa70cddc7a7572467a04effce8
                                                                                                                • Instruction ID: 6b4629091b55dfe1d5c05cbaf82f734ac5aeff631c1cc5459d1948de22775a25
                                                                                                                • Opcode Fuzzy Hash: 2930b3f7736875c24c885881b28f30121f204efa70cddc7a7572467a04effce8
                                                                                                                • Instruction Fuzzy Hash: B6411631900AA5BBDB418ED5CCE4FEE7BA9AF01348F31446DE511AE2A6D7338D41CB51
                                                                                                                Function 640E396A Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 118COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E3971
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E3654: __EH_prolog3.LIBCMT ref: 640E365B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: BackButton$CancelButton$FinishButton$NextButton
                                                                                                                • API String ID: 431132790-22014311
                                                                                                                • Opcode ID: 560d1b3ee046c38456d6d7a81aef0b393476afa8c1e6345c990ecb5e003e7dbd
                                                                                                                • Instruction ID: 9c8e76366c92abeb05367b555e4a52993155b195bb0336d87d800e7aa8fc075c
                                                                                                                • Opcode Fuzzy Hash: 560d1b3ee046c38456d6d7a81aef0b393476afa8c1e6345c990ecb5e003e7dbd
                                                                                                                • Instruction Fuzzy Hash: 00413C71900168EFEB01DBF8C984BEEBBACAF1921CF148195E454E7291DB74DA09CB71
                                                                                                                Function 6E3319F5 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 105sleepthreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • DisableThreadLibraryCalls.KERNEL32(?,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E3319CE
                                                                                                                • InterlockedCompareExchange.KERNEL32(6E350164,?,00000000), ref: 6E331AB1
                                                                                                                • _initterm.MSVCRT ref: 6E331AF8
                                                                                                                • InterlockedExchange.KERNEL32(6E350164,00000000), ref: 6E331B0E
                                                                                                                • InterlockedCompareExchange.KERNEL32(6E350164,00000001,00000000), ref: 6E331D46
                                                                                                                • free.MSVCRT ref: 6E331D7A
                                                                                                                • InterlockedExchange.KERNEL32(6E350164,00000000), ref: 6E331D9C
                                                                                                                • Sleep.KERNEL32(000003E8,?,00000000,?,?,6E331DDB,?,00000001,?,?,?,?,6E331C70,0000002C), ref: 6E34451B
                                                                                                                Strings
                                                                                                                • Microsoft\Windows\SoftwareQualityMetricsClient, xrefs: 6E3319AC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExchangeInterlocked$Compare$CallsDisableLibrarySleepThread_inittermfree
                                                                                                                • String ID: Microsoft\Windows\SoftwareQualityMetricsClient
                                                                                                                • API String ID: 529680579-2483579846
                                                                                                                • Opcode ID: a949a928d1d616ab668d2925c1c547273a66f284fcc503a56e54ffd3a44945ad
                                                                                                                • Instruction ID: c8a0a1a964347efcb3ecb941270191e1171c65b5a26994b4f2f309614ff0682a
                                                                                                                • Opcode Fuzzy Hash: a949a928d1d616ab668d2925c1c547273a66f284fcc503a56e54ffd3a44945ad
                                                                                                                • Instruction Fuzzy Hash: A431287151C7E0AFDB41CBB18854E997B7ABF0331DB3481DEE8418B243E726850ADB92
                                                                                                                Function 6E34785F Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegCreateKeyExW.ADVAPI32(00000000,?,00000000,00000000,00000000,-00020005,?,00000000,00000000,80000002,Software\Microsoft\SQMClient\Windows,CabSessionAfterSize,?,?,6E346078,80000002), ref: 6E3478BB
                                                                                                                • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?,6E346078,80000002,Software\Microsoft\SQMClient\Windows,00000000,CEIPEnable,00000000,80000002,Software\Microsoft\SQMClient\Windows\DisabledSessions), ref: 6E3478F3
                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,6E346078,80000002,Software\Microsoft\SQMClient\Windows,00000000,CEIPEnable,00000000,80000002,Software\Microsoft\SQMClient\Windows\DisabledSessions,80000002,Software\Microsoft\SQMClient\Windows\Users,80000002,Software\Microsoft\SQMClient\Windows\Uploader\PendingUpload,80000002), ref: 6E34792D
                                                                                                                Strings
                                                                                                                • Software\Microsoft\SQMClient\Windows, xrefs: 6E347869
                                                                                                                • CabSessionAfterSize, xrefs: 6E347868
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateValue
                                                                                                                • String ID: CabSessionAfterSize$Software\Microsoft\SQMClient\Windows
                                                                                                                • API String ID: 1818849710-2962713777
                                                                                                                • Opcode ID: e9e4395c478c98d6b727c0e360a7074e4728cc7a08d033fb1c052baae0f29ce2
                                                                                                                • Instruction ID: 229deaa0b5915577046fb5a8df9b8499d272100878323c62fd26be43f143d939
                                                                                                                • Opcode Fuzzy Hash: e9e4395c478c98d6b727c0e360a7074e4728cc7a08d033fb1c052baae0f29ce2
                                                                                                                • Instruction Fuzzy Hash: 3F31F331540605FFDB929E98CCA4FAA3BEAEB46748F100184F914AB2E1D373CD44CBA0
                                                                                                                Function 6E345DAA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LocalAlloc.KERNEL32(?,00000000), ref: 6E345E3B
                                                                                                                • memcpy.MSVCRT(?,00000000,-0000000E), ref: 6E345E66
                                                                                                                • TraceEvent.ADVAPI32(?,?,?), ref: 6E345E9E
                                                                                                                • LocalFree.KERNEL32(00000000), ref: 6E345EAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Local$AllocEventFreeTracememcpy
                                                                                                                • String ID: P
                                                                                                                • API String ID: 4064889523-3110715001
                                                                                                                • Opcode ID: d4dea8b2928bfd6644fe6ce4b41d55c5c7d8c930395482e00ae2212a2a9f1033
                                                                                                                • Instruction ID: 6e639787b82f8ce8955cef399bcc1cd26a217f6e2cbc87f36f3603690324e9b4
                                                                                                                • Opcode Fuzzy Hash: d4dea8b2928bfd6644fe6ce4b41d55c5c7d8c930395482e00ae2212a2a9f1033
                                                                                                                • Instruction Fuzzy Hash: 0E3128B1D01259EFEB50CFA9C9847CEB7FAEF85318F248069E519A7211D3319A84CF51
                                                                                                                Function 640EB4CC Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640EB4D3
                                                                                                                  • Part of subcall function 640EEB56: __wcsicoll.LIBCMT ref: 640EEB74
                                                                                                                  • Part of subcall function 640F7FA1: __EH_prolog3.LIBCMT ref: 640F7FA8
                                                                                                                  • Part of subcall function 640F7FA1: FormatMessageW.KERNEL32(00001300,00000000,?,?,?,00000000,00000000,00000008,640DC9AE,?,00000000,?), ref: 640F7FDB
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640EF092: __EH_prolog3.LIBCMT ref: 640EF099
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$FormatMessage__wcsicoll
                                                                                                                • String ID: $$FailureReason$$$0x%x$HRESULT$IDS_DOWNLOAD_ERROR_MESSAGE
                                                                                                                • API String ID: 3776434076-2273825792
                                                                                                                • Opcode ID: aa879eac7eef8866c0c65a7dec15a986a4f5184a98193f3f5127242ec774d469
                                                                                                                • Instruction ID: f0a044836f7725d3e1418848753681ad1c82be62a812e729c84b5b8632d60392
                                                                                                                • Opcode Fuzzy Hash: aa879eac7eef8866c0c65a7dec15a986a4f5184a98193f3f5127242ec774d469
                                                                                                                • Instruction Fuzzy Hash: 863184729001299FDF40DBBCC885BEE77B4AF0532CF144114E964EB385DB70DA558BA5
                                                                                                                Function 640F7FA1 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F7FA8
                                                                                                                • FormatMessageW.KERNEL32(00001300,00000000,?,?,?,00000000,00000000,00000008,640DC9AE,?,00000000,?), ref: 640F7FDB
                                                                                                                • LocalFree.KERNEL32(?,?,?), ref: 640F8004
                                                                                                                  • Part of subcall function 640F83CE: __CxxThrowException@8.LIBCMT ref: 640F83E2
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 640F806E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Free$Exception@8FormatH_prolog3LocalMessageStringThrow
                                                                                                                • String ID: HRESULT 0x%8.8x
                                                                                                                • API String ID: 3624661282-2887418326
                                                                                                                • Opcode ID: 02d80c937ad5ebc75aa802ae4de758eeb784eb4e7377ad6674954d5a9126677d
                                                                                                                • Instruction ID: c16f4c18274c2e7c45280067970566059e0faf1663b851f1cc6e2153a8f53ca6
                                                                                                                • Opcode Fuzzy Hash: 02d80c937ad5ebc75aa802ae4de758eeb784eb4e7377ad6674954d5a9126677d
                                                                                                                • Instruction Fuzzy Hash: A9215E77500126ABEF909F56CC84BDEBBB5FF95708B408529ED15AB111CB358506CB21
                                                                                                                Function 640ED073 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 66COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640ED07A
                                                                                                                • SetDlgItemTextW.USER32(?,00000065,?), ref: 640ED130
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                Strings
                                                                                                                • IDS_SUCCESS_BLOCKERS_DESCRIPTION_TEXT, xrefs: 640ED0A3
                                                                                                                • IDS_INSTALL_ABORTED_DESCRIPTION_FORMAT_1S, xrefs: 640ED0BF
                                                                                                                • IDS_INSTALL_WARNING_DESCRIPTION_FORMAT, xrefs: 640ED0F4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$ItemText
                                                                                                                • String ID: IDS_INSTALL_ABORTED_DESCRIPTION_FORMAT_1S$IDS_INSTALL_WARNING_DESCRIPTION_FORMAT$IDS_SUCCESS_BLOCKERS_DESCRIPTION_TEXT
                                                                                                                • API String ID: 2878149499-3033223209
                                                                                                                • Opcode ID: f5a6cbf17b8d441eb984c56ba5b5f3c1de9b25341995c85d0648e3180ed0a919
                                                                                                                • Instruction ID: 6c37efa6c7b18a2d766c01ca7b9643b73ddacfcb5fe4925c54d9b4018f568351
                                                                                                                • Opcode Fuzzy Hash: f5a6cbf17b8d441eb984c56ba5b5f3c1de9b25341995c85d0648e3180ed0a919
                                                                                                                • Instruction Fuzzy Hash: 9121743190425ADFDB00DFB4C948BAEB7F2FF46708F188458E555AB291DB31E915CB12
                                                                                                                Function 640ECFA5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640ECFAC
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • GetDlgItem.USER32(?,00000067), ref: 640ED018
                                                                                                                  • Part of subcall function 640DE2E1: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 640DE319
                                                                                                                  • Part of subcall function 640DE2E1: FlushInstructionCache.KERNEL32(00000000), ref: 640DE320
                                                                                                                • SetWindowLongW.USER32(?,000000FC,?), ref: 640ED041
                                                                                                                • SetDlgItemTextW.USER32(?,00000067,?), ref: 640ED05A
                                                                                                                Strings
                                                                                                                • IDS_BLOCK_DIALOGS_SYSLINK_TEXT, xrefs: 640ECFB5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Item$CacheCurrentFlushInstructionLongProcessTextWindow
                                                                                                                • String ID: IDS_BLOCK_DIALOGS_SYSLINK_TEXT
                                                                                                                • API String ID: 2244164258-355004722
                                                                                                                • Opcode ID: 981cf2cb166cd6f21a36741c6d8e64a1084f2a7a5ac951df4c7cebd78a5c4255
                                                                                                                • Instruction ID: 35d748079129ba5e6a61a32aaa6cfe033c37e5180192e6ef0c57c678573f05f3
                                                                                                                • Opcode Fuzzy Hash: 981cf2cb166cd6f21a36741c6d8e64a1084f2a7a5ac951df4c7cebd78a5c4255
                                                                                                                • Instruction Fuzzy Hash: 3321AF31900226DFDF10DFA4C988AAEBBF5FF09718B148568E855EB2A1DB31E915CF50
                                                                                                                Function 6E34A94E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,System\WPA\ApplianceServer,00000000,00000001,?), ref: 6E34A972
                                                                                                                • RegQueryValueExA.ADVAPI32(?,Installed,00000000,?,?,?), ref: 6E34A999
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 6E34A9BB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID: Installed$System\WPA\ApplianceServer
                                                                                                                • API String ID: 3677997916-2615809295
                                                                                                                • Opcode ID: b0ec3a45715be08eb7e03701294ef73426d938fd82fa8a4b665c4cc89cd7ff2c
                                                                                                                • Instruction ID: 04c7398c98b0900cf89c6f8e3b9e0b09b71c3589af95779683ffa53b841f2ae0
                                                                                                                • Opcode Fuzzy Hash: b0ec3a45715be08eb7e03701294ef73426d938fd82fa8a4b665c4cc89cd7ff2c
                                                                                                                • Instruction Fuzzy Hash: 59012831914649EBEF50CBE8C885F9E77FCBB05318F210666F621E1280F7729A44DB51
                                                                                                                Function 640F7E95 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43libraryfileloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,640F7F46,00002100,00000002,00000000,640F7BC3,C0000000,?,?,?,640F7BC3,?,C0000000,00000000), ref: 640F7EA6
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 640F7EB6
                                                                                                                • CreateFileW.KERNEL32(00002100,00000002,00000000,C0000000,?,640F7BC3,00000000,?,?,640F7F46,00002100,00000002,00000000,640F7BC3,C0000000,?), ref: 640F7EF3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressCreateFileHandleModuleProc
                                                                                                                • String ID: CreateFileTransactedW$kernel32.dll
                                                                                                                • API String ID: 2580138172-2053874626
                                                                                                                • Opcode ID: 797a69b1fad2e02a025ac197c911d36dea5a82449a1bb488157476d17f8a5a84
                                                                                                                • Instruction ID: 3e8e2d4c4c4aa284f7fb7f3b349a8c9471c0a28cba637fafdf9204156190d1eb
                                                                                                                • Opcode Fuzzy Hash: 797a69b1fad2e02a025ac197c911d36dea5a82449a1bb488157476d17f8a5a84
                                                                                                                • Instruction Fuzzy Hash: 7B01E83200456ABB8F222E95CC08DDB7F76FBC97507104926FD6485820CB328966EB61
                                                                                                                Function 6E34A7C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,NtQueryInformationProcess), ref: 6E34A7DB
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 6E34A7E2
                                                                                                                • GetCurrentProcess.KERNEL32(0000001A,?,00000004,00000000), ref: 6E34A7F8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                                                • API String ID: 4190356694-2906145389
                                                                                                                • Opcode ID: 911588f90ecd9596d31f144daeb1de33518ac2bc0a1eaf53e222c4c06d4d0fa4
                                                                                                                • Instruction ID: e86570fe54c00cb7bd224e36d9855a59f0acf91cb13cc6e5e14d3d9b7bc3f3d3
                                                                                                                • Opcode Fuzzy Hash: 911588f90ecd9596d31f144daeb1de33518ac2bc0a1eaf53e222c4c06d4d0fa4
                                                                                                                • Instruction Fuzzy Hash: 96F0E271904615EBEB5096F58C08FE63FECDB06724F204930F930D2280F271C802CBA0
                                                                                                                Function 6E34A847 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,00000000,00000001,?), ref: 6E34A865
                                                                                                                • RegQueryValueExA.ADVAPI32(?,ServerAdminUI,00000000,00000000,00000000,?), ref: 6E34A88A
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 6E34A893
                                                                                                                Strings
                                                                                                                • Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, xrefs: 6E34A85B
                                                                                                                • ServerAdminUI, xrefs: 6E34A87B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID: ServerAdminUI$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                • API String ID: 3677997916-377279143
                                                                                                                • Opcode ID: 37821982224acbb3eb7f67476266568642730df386de199d197343b87c62575d
                                                                                                                • Instruction ID: 542c9680aace76536adfccdf65b7ada0016aca403dac49c8dbfd2db111561eb4
                                                                                                                • Opcode Fuzzy Hash: 37821982224acbb3eb7f67476266568642730df386de199d197343b87c62575d
                                                                                                                • Instruction Fuzzy Hash: 74F0F276A00248FBEB20DBD0CC89FDDBBBCEB04704F2000A1BA14B5190E7B1AA49CB55
                                                                                                                Function 6E33E0FF Relevance: 7.6, APIs: 5, Instructions: 150timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6E33C33D: GetLastError.KERNEL32(6E350088,?,6E33C203,?,?,?,00000000), ref: 6E33C343
                                                                                                                  • Part of subcall function 6E33C33D: SetLastError.KERNEL32(00000000,?,6E33C203,?,?,?,00000000), ref: 6E33C354
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,6E33C008,00000000,?,00000000,00000000,?,?,?,PUT,00000000,?,6E337AF4), ref: 6E34378C
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,6E33C008,00000000), ref: 6E343824
                                                                                                                • SystemTimeToFileTime.KERNEL32(?,6E33C008,?,?,?,?,6E33C008,00000000), ref: 6E343852
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,6E33C008,00000000), ref: 6E34386E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$Time$FileSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 3446928799-0
                                                                                                                • Opcode ID: 971bcd9cb9f7aa2522ca12e03bd6004a85340dd74ccf595ddb4a7a832a1549b0
                                                                                                                • Instruction ID: 91d4f1df53ccbf8a49cfc0d799c74e64067e82662f486e909b06a86ea799ff86
                                                                                                                • Opcode Fuzzy Hash: 971bcd9cb9f7aa2522ca12e03bd6004a85340dd74ccf595ddb4a7a832a1549b0
                                                                                                                • Instruction Fuzzy Hash: E951DF36500395AFDB859FE5C894FAE7BEEEF44348F200458E155DB261D732C944CB61
                                                                                                                Function 640DD086 Relevance: 7.6, APIs: 5, Instructions: 88memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: StringVariant$AllocClearFreeH_prolog3Init
                                                                                                                • String ID:
                                                                                                                • API String ID: 1692324188-0
                                                                                                                • Opcode ID: d55cbf15c11eb00a545a753040e55e9b5787b453f96447f7935d90a7c4d36e10
                                                                                                                • Instruction ID: cb1248f10b0a9507d13f938c46ed943e26e95c080b0f9413a81b5df91606b55e
                                                                                                                • Opcode Fuzzy Hash: d55cbf15c11eb00a545a753040e55e9b5787b453f96447f7935d90a7c4d36e10
                                                                                                                • Instruction Fuzzy Hash: A9317A75900328EFDF00DFA4C848A9DBBB8EF89314F148559F855EB240DB35DA45CB60
                                                                                                                Function 6E346513 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 87COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E346538
                                                                                                                • GetLastError.KERNEL32 ref: 6E34659B
                                                                                                                • SetLastError.KERNEL32(00000000,80000001,Software\Microsoft\SQMClient,00000000,UserId,?), ref: 6E3465FA
                                                                                                                  • Part of subcall function 6E345F11: EtwTraceMessage.NTDLL ref: 6E345F26
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$MessageTracememset
                                                                                                                • String ID: Software\Microsoft\SQMClient$UserId
                                                                                                                • API String ID: 1733364027-3032788761
                                                                                                                • Opcode ID: e5a9c5718d80f5a0472991c709081990114d2b7eb864db0d422e2c3e7c9bbb6b
                                                                                                                • Instruction ID: 58d55e2eb9fcdb101ca17c228afc3de7f5e9259d8f794e2db217b7df493dd421
                                                                                                                • Opcode Fuzzy Hash: e5a9c5718d80f5a0472991c709081990114d2b7eb864db0d422e2c3e7c9bbb6b
                                                                                                                • Instruction Fuzzy Hash: 1921DE71664644EBD780DEE5CC84F9A3BFDAF45308F2000A8FA05DB296E772D948CB61
                                                                                                                Function 640F269C Relevance: 7.6, APIs: 5, Instructions: 87windowCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • DestroyPropertySheetPage.COMCTL32(?,00000000), ref: 640F26C1
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000000), ref: 640F26FE
                                                                                                                • CreatePropertySheetPageW.COMCTL32(?,00000000,00000000), ref: 640F2716
                                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 640F2735
                                                                                                                • DestroyPropertySheetPage.COMCTL32(00000000), ref: 640F2751
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PagePropertySheet$Destroy$CreateExceptionMessageRaiseSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1284076499-0
                                                                                                                • Opcode ID: 760f6dc97502eeccc91459489634747e03fa6844b183abeae8157e501d1b2261
                                                                                                                • Instruction ID: ad326be6bfad65def96288f5bfd5da5fce0b90f4efce44063a28581925852a00
                                                                                                                • Opcode Fuzzy Hash: 760f6dc97502eeccc91459489634747e03fa6844b183abeae8157e501d1b2261
                                                                                                                • Instruction Fuzzy Hash: 572195326007B4ABD7209E699CC8E8BBBE9EB85758711443DFD45D7600CB71EC468B60
                                                                                                                Function 6E332671 Relevance: 7.6, APIs: 5, Instructions: 84COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(6E350168,00000FA0,?,?,6E3319CB,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E33268E
                                                                                                                • GetLastError.KERNEL32(?,?,6E3319CB,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E33F520
                                                                                                                  • Part of subcall function 6E3317EB: malloc.MSVCRT ref: 6E3317F6
                                                                                                                • SetLastError.KERNEL32(00000000,?,?,6E3319CB,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E3326D1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$CountCriticalInitializeSectionSpinmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2914686227-0
                                                                                                                • Opcode ID: 97fe2bd019b1b2510dea58084766ddbdaed2daa18ac74a272ab7ca7c9fc9d1f9
                                                                                                                • Instruction ID: 93586fbc4aa0877fc3ac2ef80467dc6d7ab1a9275f0d503f2069497465504f82
                                                                                                                • Opcode Fuzzy Hash: 97fe2bd019b1b2510dea58084766ddbdaed2daa18ac74a272ab7ca7c9fc9d1f9
                                                                                                                • Instruction Fuzzy Hash: 4D21AD30250781AFEB919FA5CD94F963BAEBF42318F710994E554DB2A2E7B2C444CF20
                                                                                                                Function 6E33BCC7 Relevance: 7.6, APIs: 5, Instructions: 70libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E33BCF7
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,6E330000), ref: 6E33BD0C
                                                                                                                • LoadLibraryW.KERNEL32(?,?,?,6E330000), ref: 6E33BD21
                                                                                                                • GetLastError.KERNEL32(?,?,6E330000), ref: 6E33F94F
                                                                                                                • GetLastError.KERNEL32(?,?,6E330000), ref: 6E33F98C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$FileLibraryLoadModuleNamememset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2354241510-0
                                                                                                                • Opcode ID: 53562e5bf248dffbc19a5103f5d7a512907c5b4813cd2721203449bbfe70b688
                                                                                                                • Instruction ID: dae2f03db31e4d3c7e2b09b0f670c6e681dac8925f573976cf59f15ff3bdce55
                                                                                                                • Opcode Fuzzy Hash: 53562e5bf248dffbc19a5103f5d7a512907c5b4813cd2721203449bbfe70b688
                                                                                                                • Instruction Fuzzy Hash: 0E21CF71A40695AFCB50CF95CC88FDA3BEDAF45304F200494E618DB252D732DA48CF61
                                                                                                                Function 640EC1B2 Relevance: 7.6, APIs: 5, Instructions: 70windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 640EC1C2
                                                                                                                • GetDlgItem.USER32(?,00000065), ref: 640EC1CD
                                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 640EC1F7
                                                                                                                • GetParent.USER32(?), ref: 640EC206
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?,640EC10E,00000110), ref: 640EC22D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionItemMessageParentRaiseSendTextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3396959766-0
                                                                                                                • Opcode ID: be766a61b316e7cac6b2af355287e63a243cfde387a13ec15940fa9723d4e276
                                                                                                                • Instruction ID: 7de37450c3b8872dd7e529d50274914a93cc1a8b95c5289231d0d258e98984a7
                                                                                                                • Opcode Fuzzy Hash: be766a61b316e7cac6b2af355287e63a243cfde387a13ec15940fa9723d4e276
                                                                                                                • Instruction Fuzzy Hash: 7A11B231508624BFD7119FA5DC85E67BFE9EF89758B108439F946C7510CB729821CB50
                                                                                                                Function 640FDE5E Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __getptd.LIBCMT ref: 640FDE6A
                                                                                                                  • Part of subcall function 640F9BE0: __getptd_noexit.LIBCMT ref: 640F9BE3
                                                                                                                  • Part of subcall function 640F9BE0: __amsg_exit.LIBCMT ref: 640F9BF0
                                                                                                                • __amsg_exit.LIBCMT ref: 640FDE8A
                                                                                                                • __lock.LIBCMT ref: 640FDE9A
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 640FDEB7
                                                                                                                • InterlockedIncrement.KERNEL32(00A41780), ref: 640FDEE2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 4271482742-0
                                                                                                                • Opcode ID: 9c67a088e0a87ded275606ff2ecd50bd4c006a80f8a66f8f1fb1a733f1dfc16e
                                                                                                                • Instruction ID: 591deffe29ab234eb6eedc36285d2c8fe800165070d04b811ba36f0a47a80033
                                                                                                                • Opcode Fuzzy Hash: 9c67a088e0a87ded275606ff2ecd50bd4c006a80f8a66f8f1fb1a733f1dfc16e
                                                                                                                • Instruction Fuzzy Hash: 29016532D057319BEB80AB65884578E77A2BF05714F100129DC1167240CF74A883DBD5
                                                                                                                Function 6E33256E Relevance: 7.5, APIs: 5, Instructions: 44timethreadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 6E344788
                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 6E344794
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 6E34479C
                                                                                                                • GetTickCount.KERNEL32 ref: 6E3447A4
                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 6E3447B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                • String ID:
                                                                                                                • API String ID: 1445889803-0
                                                                                                                • Opcode ID: 2328275017cf0f80502c734e8f1c139cfb4ac1944432d70904c7fd5b42717c71
                                                                                                                • Instruction ID: 0f7faf5a723a299a158520c523a0b1bdae1c4d1ff28c811dc3ed0631aa6eac80
                                                                                                                • Opcode Fuzzy Hash: 2328275017cf0f80502c734e8f1c139cfb4ac1944432d70904c7fd5b42717c71
                                                                                                                • Instruction Fuzzy Hash: 1D018036C006249BCF209BF9C448ADEBBFCFF0A355F660561D811E7200EA319A01CF80
                                                                                                                Function 640FE60F Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __getptd.LIBCMT ref: 640FE61B
                                                                                                                  • Part of subcall function 640F9BE0: __getptd_noexit.LIBCMT ref: 640F9BE3
                                                                                                                  • Part of subcall function 640F9BE0: __amsg_exit.LIBCMT ref: 640F9BF0
                                                                                                                • __getptd.LIBCMT ref: 640FE632
                                                                                                                • __amsg_exit.LIBCMT ref: 640FE640
                                                                                                                • __lock.LIBCMT ref: 640FE650
                                                                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 640FE664
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                • String ID:
                                                                                                                • API String ID: 938513278-0
                                                                                                                • Opcode ID: bb6261f9bc62161a2f59f3e6396f9a616141dc472fdb33ee0fe4b26f179cc1ad
                                                                                                                • Instruction ID: cc6900d1cbae8580a11ba4e13097d0f8febfe7ac1722406bed56eb69ff86bd6f
                                                                                                                • Opcode Fuzzy Hash: bb6261f9bc62161a2f59f3e6396f9a616141dc472fdb33ee0fe4b26f179cc1ad
                                                                                                                • Instruction Fuzzy Hash: 2BF03032948634EBF7D1AB788D0574E72A1AF047ACF204129ED10AB2D0CF645543CFDA
                                                                                                                Function 6E34B397 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 380COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcschr
                                                                                                                • String ID: ::$DATA$\\?\$\\?\UNC\
                                                                                                                • API String ID: 1497570035-1379090233
                                                                                                                • Opcode ID: c2128610a454423fe9e4cd4e4012d06618d4f55a93e5b4f428cb94a7e6d6ceb4
                                                                                                                • Instruction ID: 3557d2bccfae92e8bd5960cbfbfeb9dfd12f635b3a89df7031bbca42c45091a1
                                                                                                                • Opcode Fuzzy Hash: c2128610a454423fe9e4cd4e4012d06618d4f55a93e5b4f428cb94a7e6d6ceb4
                                                                                                                • Instruction Fuzzy Hash: FDD1B07180060AEBDF50CFD5C850ADEBBF8FF00354F51842AE8559F258E3BA9A81CB91
                                                                                                                Function 640F60A8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 233COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F60AF
                                                                                                                  • Part of subcall function 640F7341: __EH_prolog3.LIBCMT ref: 640F7348
                                                                                                                  • Part of subcall function 640F7341: GetLastError.KERNEL32 ref: 640F7364
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 640F62D8
                                                                                                                  • Part of subcall function 640EEB56: __wcsicoll.LIBCMT ref: 640EEB74
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$ErrorExceptionLastRaise__wcsicoll
                                                                                                                • String ID: Blocking Services$No Blocking Services
                                                                                                                • API String ID: 1137283054-2473106011
                                                                                                                • Opcode ID: 3daf1248d6d4984287aa6ff1c081685aaea621cdc57cc5c95aae3076046bd0f7
                                                                                                                • Instruction ID: 78ff18cf39a2f471a5e86687990f4a76cc5a1703b8bb0d2410d7af56610110fa
                                                                                                                • Opcode Fuzzy Hash: 3daf1248d6d4984287aa6ff1c081685aaea621cdc57cc5c95aae3076046bd0f7
                                                                                                                • Instruction Fuzzy Hash: 0391737190062ADFDF40CFA8CD85B9EB7B0FF45318F108568E855AB291D730E916CB91
                                                                                                                Function 640EC7AB Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 212COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640EC7B2
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • GetStringTypeExW.KERNEL32(00000000,00000001,?,00000001,?,640D5D9C,?,00000030,80070057), ref: 640EC86B
                                                                                                                  • Part of subcall function 640F81DE: _memcpy_s.LIBCMT ref: 640F8224
                                                                                                                  • Part of subcall function 640EECE8: _wcschr.LIBCMT ref: 640EECFF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$StringType_memcpy_s_wcschr
                                                                                                                • String ID: </a$href
                                                                                                                • API String ID: 3166021290-1826667848
                                                                                                                • Opcode ID: 963684e7e03d0e5d168e21bcb8df1289d79c62b11080b4cd93000df5a879aa1d
                                                                                                                • Instruction ID: a594f491f739c1dc4826cd54494da2f8422d7046e185a6168edaff9e7d57aa10
                                                                                                                • Opcode Fuzzy Hash: 963684e7e03d0e5d168e21bcb8df1289d79c62b11080b4cd93000df5a879aa1d
                                                                                                                • Instruction Fuzzy Hash: EA718A71D0567A8FCB14CF98C890BBEBFB4EF0071CF144119D922A7290D77AA966CB80
                                                                                                                Function 6E33AA10 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 203COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 6E33A9D3
                                                                                                                • memset.MSVCRT ref: 6E33AA5F
                                                                                                                  • Part of subcall function 6E3318E5: _vsnwprintf.MSVCRT ref: 6E331913
                                                                                                                Strings
                                                                                                                • Microsoft\Windows\Sqm\Upload, xrefs: 6E33FF0B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile_vsnwprintfmemset
                                                                                                                • String ID: Microsoft\Windows\Sqm\Upload
                                                                                                                • API String ID: 1199674523-1629975561
                                                                                                                • Opcode ID: 6f62ce49fc6c5d50555181f093f752f7a393b4515c304ec0328eb4d217216e2b
                                                                                                                • Instruction ID: 5f58e4bb094d13c3bc4d5d18db1e03fec97f2eee458e5cc9a5f99cf7af1cc5f0
                                                                                                                • Opcode Fuzzy Hash: 6f62ce49fc6c5d50555181f093f752f7a393b4515c304ec0328eb4d217216e2b
                                                                                                                • Instruction Fuzzy Hash: F071C1319443A9AFDF918ED8CD94FDA3BADAF11308F300495E954AA291D372CA85CF91
                                                                                                                Function 640E883F Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 146COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E8846
                                                                                                                  • Part of subcall function 640F1169: __EH_prolog3.LIBCMT ref: 640F1170
                                                                                                                  • Part of subcall function 640F1169: GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 640F11B1
                                                                                                                  • Part of subcall function 640EEB56: __wcsicoll.LIBCMT ref: 640EEB74
                                                                                                                  • Part of subcall function 640F1360: GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,Action,6410FE10,?,?,?,74402FA0,Action,?,00000000), ref: 640F1395
                                                                                                                  • Part of subcall function 640F1360: GetLastError.KERNEL32(?,?,?,74402FA0,Action,?,00000000), ref: 640F13A5
                                                                                                                Strings
                                                                                                                • $$RequiredSpaceOnSystemDrive$$, xrefs: 640E88FB
                                                                                                                • $$SystemDrive$$, xrefs: 640E8895
                                                                                                                • $$AvailableSpaceOnSystemDrive$$, xrefs: 640E897E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$DirectoryDiskErrorFreeLastSpaceSystem__wcsicoll
                                                                                                                • String ID: $$AvailableSpaceOnSystemDrive$$$$$RequiredSpaceOnSystemDrive$$$$$SystemDrive$$
                                                                                                                • API String ID: 2351290856-2773778658
                                                                                                                • Opcode ID: 3449373c5d54ca5767ab1c4e35c8d6fe5ed5bfce510a4ab6238a69599afbe6fd
                                                                                                                • Instruction ID: f779f46117ea9daa9005cf1e0fe2c6bbd2142ad26d09924d4834c865a53e2f20
                                                                                                                • Opcode Fuzzy Hash: 3449373c5d54ca5767ab1c4e35c8d6fe5ed5bfce510a4ab6238a69599afbe6fd
                                                                                                                • Instruction Fuzzy Hash: 0E515F72E002189FDB40CBB8C885BDDBBF4AF0931CF044565EA54EB392DB74A9558BA1
                                                                                                                Function 640E1003 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 126COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640F7ACF: GetTempPathW.KERNEL32(00000100,?,?,00000000), ref: 640F7AFC
                                                                                                                  • Part of subcall function 640E0ECA: SendMessageW.USER32(00000000,0000044A,00000002,?), ref: 640E0F06
                                                                                                                • PathFileExistsW.SHLWAPI(?,?,74402FA0), ref: 640E1126
                                                                                                                • ShellExecuteW.SHELL32(00000001,print,?,00000000,00000000,00000000), ref: 640E116E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Path$ExecuteExistsFileH_prolog3MessageSendShellTemp
                                                                                                                • String ID: %s\BlockersInfo%d.rtf$print
                                                                                                                • API String ID: 2742019059-575943144
                                                                                                                • Opcode ID: 42f16ec9afe59e72617f8534cb5d95843be943b44b4f6fbcd2c55eb366bf86b8
                                                                                                                • Instruction ID: f0ddb997d8a02ef960c845ba0f09be55684b4da907e20c9970bb755428ea122f
                                                                                                                • Opcode Fuzzy Hash: 42f16ec9afe59e72617f8534cb5d95843be943b44b4f6fbcd2c55eb366bf86b8
                                                                                                                • Instruction Fuzzy Hash: F3416C721083559FD710DF65CC84A5FBBE9FF8971CF040A29F898A7251DB30E91A8B62
                                                                                                                Function 6E3497BA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 114windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageTrace
                                                                                                                • String ID: <NULL>$NULL$|Z4n
                                                                                                                • API String ID: 471583391-2236708884
                                                                                                                • Opcode ID: 6216b8f4eefdeb4843d4c607c6df635c337cc7b6a08b91d7afbdfc479e4551a8
                                                                                                                • Instruction ID: c2e98feaa8658d9e85ca155da95c91174a1ea697ad02bf8133c6c3ba1f7e9cb1
                                                                                                                • Opcode Fuzzy Hash: 6216b8f4eefdeb4843d4c607c6df635c337cc7b6a08b91d7afbdfc479e4551a8
                                                                                                                • Instruction Fuzzy Hash: E8313636A4420BEFCB019FCCCE90ABA37F9FB86704F158115E5556F194E772DA8087A0
                                                                                                                Function 640E5ECE Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 112COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E5ED5
                                                                                                                  • Part of subcall function 640E3AD4: __EH_prolog3.LIBCMT ref: 640E3ADB
                                                                                                                  • Part of subcall function 640E396A: __EH_prolog3.LIBCMT ref: 640E3971
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E434E: __EH_prolog3.LIBCMT ref: 640E4355
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: RepairRadioButton$UninstallRadioButton$UserExperienceDataCollection
                                                                                                                • API String ID: 431132790-1241949946
                                                                                                                • Opcode ID: 4188a119875d4401454ec19021301c1a973ab1eac8da2755ec22bf7b9d05c413
                                                                                                                • Instruction ID: 0e9d705f607b271cf593629aec60ddf40966e35974988084b7bedabd08f0c95a
                                                                                                                • Opcode Fuzzy Hash: 4188a119875d4401454ec19021301c1a973ab1eac8da2755ec22bf7b9d05c413
                                                                                                                • Instruction Fuzzy Hash: D341807150025CEFEB00DBB8C884BEEB7E8AF1931CF444459E559E7281DB74EA19DB21
                                                                                                                Function 6E333E29 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6E333E94
                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6E333EB0
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 6E333ECE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID: CEIPEnable
                                                                                                                • API String ID: 3677997916-1389088331
                                                                                                                • Opcode ID: 5b2665083faf3db633c547d5efd349b66cf19f6c07892310aa4641e7bca3d0c7
                                                                                                                • Instruction ID: 2191c5856bac3b1a360c98943ca6acd01b9d683d9093c1ade1e3fba8ab11b3ec
                                                                                                                • Opcode Fuzzy Hash: 5b2665083faf3db633c547d5efd349b66cf19f6c07892310aa4641e7bca3d0c7
                                                                                                                • Instruction Fuzzy Hash: 5931E132944699EFCB528EC4C994FEA7BB9AB51348F724095E910AB2B0D373C984CF50
                                                                                                                Function 640E381C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E3823
                                                                                                                  • Part of subcall function 640DD76F: __EH_prolog3.LIBCMT ref: 640DD776
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: HTML$RTF$Type
                                                                                                                • API String ID: 431132790-2981198847
                                                                                                                • Opcode ID: 646d260930f52c297e759a63a78d8056ce0f9bad7fa820798de08d8185d511fa
                                                                                                                • Instruction ID: ed9ef10242c822815e0e584ee782ee6aeb152434b3cf38a6546f4d6229dc7639
                                                                                                                • Opcode Fuzzy Hash: 646d260930f52c297e759a63a78d8056ce0f9bad7fa820798de08d8185d511fa
                                                                                                                • Instruction Fuzzy Hash: 653150729003299FEB00DBA8C9417FEBBB4AF0532CF144259E864A72D0D775AA59C791
                                                                                                                Function 640F74DC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • GetServiceDisplayName failed with error: %u, xrefs: 640F757D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$H_prolog3
                                                                                                                • String ID: GetServiceDisplayName failed with error: %u
                                                                                                                • API String ID: 3502553090-3718371905
                                                                                                                • Opcode ID: 28144746fbbec01c553dd6ae3f06c519f683e29b101aba6e8704e368d6c363f5
                                                                                                                • Instruction ID: 27b2b9e31dc28a518cd91b86b028020fb25f0305d6b110b9dd0b7c08d3589154
                                                                                                                • Opcode Fuzzy Hash: 28144746fbbec01c553dd6ae3f06c519f683e29b101aba6e8704e368d6c363f5
                                                                                                                • Instruction Fuzzy Hash: 6121A371600115AFEB40DFA5CC85BAEBBB5FF04718F108528E824A7291DB70EA51CB61
                                                                                                                Function 640DEDE8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetWindowPlacement.USER32(?,?), ref: 640DEE4B
                                                                                                                • MapDialogRect.USER32(?,?), ref: 640DEE6C
                                                                                                                • SetWindowPlacement.USER32(?,0000002C), ref: 640DEE79
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PlacementWindow$DialogRect
                                                                                                                • String ID: ,
                                                                                                                • API String ID: 3865709247-3772416878
                                                                                                                • Opcode ID: b75604566f777640569053a5382a6409817e34efbf63b698e3b9e6d4fff37936
                                                                                                                • Instruction ID: 47822096b68d1c108f998804bfa461b218bfcfa791f6edeea16b95df6bb72162
                                                                                                                • Opcode Fuzzy Hash: b75604566f777640569053a5382a6409817e34efbf63b698e3b9e6d4fff37936
                                                                                                                • Instruction Fuzzy Hash: 5221E475A00228EFCB00DFA8D88899DBBF5FF4D310B10456AF955E7360DB30AA05CB90
                                                                                                                Function 640E8C2A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E8C31
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E93BE: __EH_prolog3.LIBCMT ref: 640E93C5
                                                                                                                  • Part of subcall function 640E93BE: SendDlgItemMessageW.USER32(00000001,0000006F,00000172,00000001,?), ref: 640E9509
                                                                                                                  • Part of subcall function 640E93BE: SetWindowTextW.USER32(?,?), ref: 640E9518
                                                                                                                  • Part of subcall function 640E93BE: EnableWindow.USER32(?,00000001), ref: 640E952C
                                                                                                                  • Part of subcall function 640E93BE: ShowWindow.USER32(?,00000000), ref: 640E954A
                                                                                                                  • Part of subcall function 640E9584: __EH_prolog3.LIBCMT ref: 640E958B
                                                                                                                  • Part of subcall function 640E9584: SendDlgItemMessageW.USER32(00000001,00000070,00000172,00000001,?), ref: 640E9714
                                                                                                                  • Part of subcall function 640E9584: SetWindowTextW.USER32(?,00000001), ref: 640E9723
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Window$ItemMessageSendText$EnableShow
                                                                                                                • String ID: complete$Action$System Requirement Checks
                                                                                                                • API String ID: 1922407589-3507766184
                                                                                                                • Opcode ID: c9fe5e1ef5119d8fe58212f89fcfd9dc713258c09b5fa670c04f0175cb4a9790
                                                                                                                • Instruction ID: 9c1788595bf220a57c67260719df9ece08c2c6ddde9687381e8419ba5b35ab0a
                                                                                                                • Opcode Fuzzy Hash: c9fe5e1ef5119d8fe58212f89fcfd9dc713258c09b5fa670c04f0175cb4a9790
                                                                                                                • Instruction Fuzzy Hash: C611E9319002689FEB40DBB4C984BFEB7F8AF0931CF144469E555D7281CB749A09C761
                                                                                                                Function 6E3384A3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetSystemTime.KERNEL32(00000000,00000000,?,?,?,6E33833E,?), ref: 6E3384AF
                                                                                                                • SystemTimeToFileTime.KERNEL32(6E33833E,6E33833E,?,?,?,6E33833E,?), ref: 6E3384BD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$System$File
                                                                                                                • String ID: MSQM$x
                                                                                                                • API String ID: 2838179519-3648152566
                                                                                                                • Opcode ID: 248b33d3b38fe6e286092102618588605a898cbadc827215b5d467ed05ace927
                                                                                                                • Instruction ID: 5c1bd2e31ca3ee71400649490496d9da97370c43803040f1dd11b2f92414f944
                                                                                                                • Opcode Fuzzy Hash: 248b33d3b38fe6e286092102618588605a898cbadc827215b5d467ed05ace927
                                                                                                                • Instruction Fuzzy Hash: CC11AD3191029AEBCB89DEE5C884EED3BAEAF05344F7004A4E900DF660D372C985CF45
                                                                                                                Function 640E7F0A Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E7F11
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640F60A8: __EH_prolog3.LIBCMT ref: 640F60AF
                                                                                                                  • Part of subcall function 640DB8EF: __EH_prolog3.LIBCMT ref: 640DB8F6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: complete$Action$Enumerating incompatible services
                                                                                                                • API String ID: 431132790-2452571594
                                                                                                                • Opcode ID: b60ad64d25cc74bd4745a618a30c561811fd9ea1bdf54ae207344e79569a9f1f
                                                                                                                • Instruction ID: f5cc0c13b9c3b7ab352c1e97fa5fc4d2c3802b12d60526a62dece02b394a2bf5
                                                                                                                • Opcode Fuzzy Hash: b60ad64d25cc74bd4745a618a30c561811fd9ea1bdf54ae207344e79569a9f1f
                                                                                                                • Instruction Fuzzy Hash: 22113C36800278EFDF11DFD4C940BAE7FB5EB1A718F148065E954AB250CB748A49EBA1
                                                                                                                Function 640E78D5 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E78DC
                                                                                                                  • Part of subcall function 640F83FD: _memcpy_s.LIBCMT ref: 640F844E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_memcpy_s
                                                                                                                • String ID: Not Visible$Visible$[%u] [%s] [%s] [%s]
                                                                                                                • API String ID: 1212206098-88040887
                                                                                                                • Opcode ID: 1bfc5f42bfe6b44466be5d504735d9d1ae098c1edff2b6893b2a92334a3812c8
                                                                                                                • Instruction ID: 3536eeb4ac9802ab262cab4cf421033e14063fd2e8da1e22ac470cac4f80e89b
                                                                                                                • Opcode Fuzzy Hash: 1bfc5f42bfe6b44466be5d504735d9d1ae098c1edff2b6893b2a92334a3812c8
                                                                                                                • Instruction Fuzzy Hash: B7017CBA500256AFEB01CF69C844B8DBBA0FF15208F44C150ED589B311DB34E8258BE1
                                                                                                                Function 6E34A6A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 26libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(netapi32,NetGetJoinInformation,00000007), ref: 6E34A6C4
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 6E34A6CB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: NetGetJoinInformation$netapi32
                                                                                                                • API String ID: 2574300362-2552388246
                                                                                                                • Opcode ID: 5b0f71f2b6df4f500e6353dc0e9af8c0237f36045f1c0351ed2f3232a9e993d6
                                                                                                                • Instruction ID: c887cd6485c2b06cf04f88cf0581d33346ef4869f70489e32c75517ce4ce67a5
                                                                                                                • Opcode Fuzzy Hash: 5b0f71f2b6df4f500e6353dc0e9af8c0237f36045f1c0351ed2f3232a9e993d6
                                                                                                                • Instruction Fuzzy Hash: 32E04F3158CA46DBE65046FA5904EA633ED5751265F210A31F92CD5580FB29D400DA24
                                                                                                                Function 6E34A703 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 26libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(netapi32,NetApiBufferFree,00000007), ref: 6E34A727
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 6E34A72E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: NetApiBufferFree$netapi32
                                                                                                                • API String ID: 1646373207-4116497281
                                                                                                                • Opcode ID: 8d58b0a00bd64bfc17a4bf2af585cba1055266e78c2da07ae8cd0a4970caba64
                                                                                                                • Instruction ID: 1a925ca1f326ac635b5f041b4931459a53221c8c43c47a6a3984766b7a2b8b09
                                                                                                                • Opcode Fuzzy Hash: 8d58b0a00bd64bfc17a4bf2af585cba1055266e78c2da07ae8cd0a4970caba64
                                                                                                                • Instruction Fuzzy Hash: 80E08631948A46DAE6B056FA5C98E763FFC4751324F310A31F918C91C1FB27D940CB20
                                                                                                                Function 6E34A8F1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 24synchronizationCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • OpenEventA.KERNEL32(00100000,00000000,Global\TabletHardwarePresent), ref: 6E34A902
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 6E34A910
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 6E34A91E
                                                                                                                Strings
                                                                                                                • Global\TabletHardwarePresent, xrefs: 6E34A8F5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseEventHandleObjectOpenSingleWait
                                                                                                                • String ID: Global\TabletHardwarePresent
                                                                                                                • API String ID: 1727428665-3144360101
                                                                                                                • Opcode ID: 3a2fe85f78182a8a728f2417f388eabe52fbe9fa4363ee2caeafc7e549486717
                                                                                                                • Instruction ID: 404654efb05bb1d472acd72d774271b666427d0a1b8e37eb5eee31f7dc6ff523
                                                                                                                • Opcode Fuzzy Hash: 3a2fe85f78182a8a728f2417f388eabe52fbe9fa4363ee2caeafc7e549486717
                                                                                                                • Instruction Fuzzy Hash: B5D01233601570A786B111765C0CD9F5EACDBCBEF1B160110F449D32009A544C06C1E0
                                                                                                                Function 6E33787B Relevance: 6.4, APIs: 5, Instructions: 108COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E3378C4
                                                                                                                • memmove.MSVCRT(?,?,00000001,?,?,00000000,00000000,?,?,00000000,?,?,?,?,?,6E34D3F8), ref: 6E345485
                                                                                                                • memset.MSVCRT ref: 6E3454A4
                                                                                                                • memmove.MSVCRT(?,?,00010000,?,?,000000FB,00000000,?,00000000,000000FF,?,?,?,?,?,00000004), ref: 6E3454C9
                                                                                                                • memmove.MSVCRT(?,?,?,?,?,?,?,?,000000FB,00000000,?,00000000,000000FF,?,?,?), ref: 6E3454F2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memmove$memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3790616698-0
                                                                                                                • Opcode ID: 077d26f26fda551de48103a5ceb68b6a756d6473fb55a76aeae2e47fc2184c85
                                                                                                                • Instruction ID: f2a4b78c1838f3870cc5c1ce1bcba9ec5940742410a4f323dd8323cae0e2d281
                                                                                                                • Opcode Fuzzy Hash: 077d26f26fda551de48103a5ceb68b6a756d6473fb55a76aeae2e47fc2184c85
                                                                                                                • Instruction Fuzzy Hash: 05317472600608EFDB14CEA8CD84DAB77EEEB882547144A2DF98AC7A04D731FE41CB50
                                                                                                                Function 6E3383E5 Relevance: 6.1, APIs: 4, Instructions: 125fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(6E33833E,80010000,00000001,00000000,00000003,00000080,00000000,6E337AF4,?,00000000,?,?,?,6E33833E,?), ref: 6E33840B
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,00000000,?,?,?,6E33833E,?), ref: 6E33841B
                                                                                                                • CloseHandle.KERNEL32(6E33833E,?,00000000,?,?,?,6E33833E,?), ref: 6E33847C
                                                                                                                  • Part of subcall function 6E331967: malloc.MSVCRT(?,6E350554), ref: 6E331979
                                                                                                                • ReadFile.KERNEL32(6E33833E,00000000,?,6E33833E,00000000,?,00000000,?,?,?,6E33833E,?), ref: 6E33844B
                                                                                                                  • Part of subcall function 6E3384A3: GetSystemTime.KERNEL32(00000000,00000000,?,?,?,6E33833E,?), ref: 6E3384AF
                                                                                                                  • Part of subcall function 6E3384A3: SystemTimeToFileTime.KERNEL32(6E33833E,6E33833E,?,?,?,6E33833E,?), ref: 6E3384BD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Time$System$CloseCreateHandleReadSizemalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1717276877-0
                                                                                                                • Opcode ID: 27bf69916734fa3190f95452482040560c8b13def3b804e06177b0ed1e515313
                                                                                                                • Instruction ID: 5d41229c3b11969830c161b7abdf8a6c6a9b8961dccfe2c746bae17b690921af
                                                                                                                • Opcode Fuzzy Hash: 27bf69916734fa3190f95452482040560c8b13def3b804e06177b0ed1e515313
                                                                                                                • Instruction Fuzzy Hash: CB419D74144395EFDB608EE5CC80E5A3FAAAF01358F204998F4A0DBAA0E732C944CF50
                                                                                                                Function 6E3384FC Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 117COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E338551
                                                                                                                  • Part of subcall function 6E3318E5: _vsnwprintf.MSVCRT ref: 6E331913
                                                                                                                  • Part of subcall function 6E3385E1: RegOpenKeyExW.ADVAPI32(6E3363AF,?,00000000,-00020018,?,00000000,?), ref: 6E33864C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Open_vsnwprintfmemset
                                                                                                                • String ID: %s\%s\%s$Sampling$Software\Microsoft\SQMClient
                                                                                                                • API String ID: 3302644324-2697463538
                                                                                                                • Opcode ID: 42914e86e3d35f644dec4de32b5c95fa7a924c6897e9c38e600396cd785e406c
                                                                                                                • Instruction ID: cce78945ab51fb0ba3dd19e0b8345a3c5a6f71d3a4ec7877aea12f7a34d99fc7
                                                                                                                • Opcode Fuzzy Hash: 42914e86e3d35f644dec4de32b5c95fa7a924c6897e9c38e600396cd785e406c
                                                                                                                • Instruction Fuzzy Hash: 0E418D316042A9EBEB54CED4CC94FDA77B9AF04318F2005D5F504EA291E776DA88CF61
                                                                                                                Function 64100047 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6410007B
                                                                                                                • __isleadbyte_l.LIBCMT ref: 641000AE
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,640F8AB5,?,00000000,00000000,?,?,?,?,640F8AB5,00000000), ref: 641000DF
                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,640F8AB5,00000001,00000000,00000000,?,?,?,?,640F8AB5,00000000), ref: 6410014D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                • String ID:
                                                                                                                • API String ID: 3058430110-0
                                                                                                                • Opcode ID: bb0954b90785db0557bd91001cdcf05d2046d8781dbc386d85c9e9745ab1dce2
                                                                                                                • Instruction ID: 2efd12308d8e2b37f52f69c5642764d2fd492cba188391f39d674e43020ace18
                                                                                                                • Opcode Fuzzy Hash: bb0954b90785db0557bd91001cdcf05d2046d8781dbc386d85c9e9745ab1dce2
                                                                                                                • Instruction Fuzzy Hash: 7231C031A0429AEFEB00DF68DCC0AAA3FB5BF02759F11C5A9E4648B195DB31D980DB50
                                                                                                                Function 640F017C Relevance: 6.1, APIs: 4, Instructions: 100windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 640F01E4
                                                                                                                  • Part of subcall function 640F91B7: _malloc.LIBCMT ref: 640F91D1
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640F023D
                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 640F0247
                                                                                                                • ShowWindow.USER32(?,00000001,?,00000000,?,00000000), ref: 640F024E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$DialogRectShowWindow_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 929715566-0
                                                                                                                • Opcode ID: 11b33a49f2d10b67a498533ae3472ecabb4ac00149c641933ec00d63c8150672
                                                                                                                • Instruction ID: 1a19e083018635f195b468bb961e21d4056d2e2a12be41be922fc888a3a54a5b
                                                                                                                • Opcode Fuzzy Hash: 11b33a49f2d10b67a498533ae3472ecabb4ac00149c641933ec00d63c8150672
                                                                                                                • Instruction Fuzzy Hash: 4E318D35A00214AFDB019F68CC49BAEBBF5FF89314F104029F945EB350CB319A05CB91
                                                                                                                Function 6E3489C4 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E3489F4
                                                                                                                  • Part of subcall function 6E345F11: EtwTraceMessage.NTDLL ref: 6E345F26
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageTracememset
                                                                                                                • String ID: %s\%s$MaxUploadFileSize$Software\Microsoft\SQMClient
                                                                                                                • API String ID: 1506953324-2140474114
                                                                                                                • Opcode ID: e6ee63b9f99903a3459527229a464c2b03d1ac7edb67838d05be4869d2fe9910
                                                                                                                • Instruction ID: f11cc163373731e7886a3057a9205e12c230dd56d19b646583c1bc3acaff34e3
                                                                                                                • Opcode Fuzzy Hash: e6ee63b9f99903a3459527229a464c2b03d1ac7edb67838d05be4869d2fe9910
                                                                                                                • Instruction Fuzzy Hash: 2721B071540298EACB50DAD5CC84EEA77EDEF40308F200895F9649B251D7F2CA89CB91
                                                                                                                Function 640DF589 Relevance: 6.1, APIs: 4, Instructions: 62windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 640DF5AC
                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 640DF5B5
                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 640DF600
                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 640DF610
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CreateFontIndirectObject
                                                                                                                • String ID:
                                                                                                                • API String ID: 2018999545-0
                                                                                                                • Opcode ID: a337abb6e328d9a47ddd2aa3f36d7d7830bf08d84001a1706c489ddf82c7a8d4
                                                                                                                • Instruction ID: e39fe425c3c57a69aad79f5d3e4ae946bac56a916e57440c60dda5b04c54b67b
                                                                                                                • Opcode Fuzzy Hash: a337abb6e328d9a47ddd2aa3f36d7d7830bf08d84001a1706c489ddf82c7a8d4
                                                                                                                • Instruction Fuzzy Hash: D7116071A0026CABEF119FA5CC09FDE3BA9EB45718F144125FA11DB1C0DBB0EA49CB50
                                                                                                                Function 640F4870 Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F4877
                                                                                                                  • Part of subcall function 640DEB19: GetCurrentThreadId.KERNEL32 ref: 640DEB3A
                                                                                                                  • Part of subcall function 640DEB19: SetWindowsHookExW.USER32(00000005,Function_0000EAF4,00000000,00000000), ref: 640DEB4A
                                                                                                                  • Part of subcall function 640DEB19: MessageBoxW.USER32(?,?,?), ref: 640DEB5D
                                                                                                                  • Part of subcall function 640DEB19: UnhookWindowsHookEx.USER32(?), ref: 640DEB6D
                                                                                                                • GetParent.USER32(?), ref: 640F48A6
                                                                                                                • GetSystemMenu.USER32(00000000,00000000,0000F060,00000001,?,640F158F,?,000006F5,?,?,?,00000000,?,00000001), ref: 640F48B6
                                                                                                                • EnableMenuItem.USER32(00000000,?,640F158F), ref: 640F48BD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: HookMenuWindows$CurrentEnableH_prolog3ItemMessageParentSystemThreadUnhook
                                                                                                                • String ID:
                                                                                                                • API String ID: 267827553-0
                                                                                                                • Opcode ID: 451797009394b6c4f2dfd66433d63561b62b62c8bb6e3c03276ff5af3d68ba32
                                                                                                                • Instruction ID: 28e30fadb4e28c218215711c70efe6f4af26c5760f728cda2dec5ea22e78f12f
                                                                                                                • Opcode Fuzzy Hash: 451797009394b6c4f2dfd66433d63561b62b62c8bb6e3c03276ff5af3d68ba32
                                                                                                                • Instruction Fuzzy Hash: 17116175600750AFEB10DBB4CD84F6A77E8EF05B0CF004828F992DB690CBB4E8058B20
                                                                                                                Function 640F91B7 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 640F91D1
                                                                                                                  • Part of subcall function 640F8FCB: __FF_MSGBANNER.LIBCMT ref: 640F8FE4
                                                                                                                  • Part of subcall function 640F8FCB: __NMSG_WRITE.LIBCMT ref: 640F8FEB
                                                                                                                  • Part of subcall function 640F8FCB: HeapAlloc.KERNEL32(00000000,00000001,00000000,?,?,?,640F91D6,?), ref: 640F9010
                                                                                                                • std::exception::exception.LIBCMT ref: 640F9206
                                                                                                                • std::exception::exception.LIBCMT ref: 640F9220
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 640F9231
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::exception::exception$AllocException@8HeapThrow_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1414122017-0
                                                                                                                • Opcode ID: 1d2f66204ae0eaf3201dc6e828895cf3d5fc68dbeadf823d3074a643fae2e273
                                                                                                                • Instruction ID: 5ea7c2018dff1454629c6da81b183da686a4f14d644ff7194bf32b65907b8f31
                                                                                                                • Opcode Fuzzy Hash: 1d2f66204ae0eaf3201dc6e828895cf3d5fc68dbeadf823d3074a643fae2e273
                                                                                                                • Instruction Fuzzy Hash: 46F0AF35508239AAEF84EFA5CC45BDD7BA9FF8271CB10043AEC21A7180DB708A46C751
                                                                                                                Function 6E349F68 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6E349F81
                                                                                                                  • Part of subcall function 6E349F36: ??0exception@@QAE@ABV0@@Z.MSVCRT(6E3444B1), ref: 6E349F41
                                                                                                                • _CxxThrowException.MSVCRT(?,6E34E290), ref: 6E349F8F
                                                                                                                • ??1exception@@UAE@XZ.MSVCRT ref: 6E349FA8
                                                                                                                • free.MSVCRT ref: 6E349FB4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ??0exception@@??1exception@@ExceptionThrowV0@@freestd::bad_exception::bad_exception
                                                                                                                • String ID:
                                                                                                                • API String ID: 2985545613-0
                                                                                                                • Opcode ID: 835b5f94544703ebeaf70fecebfdbc5b46b1ca466277eb395c71d9b66ea952fa
                                                                                                                • Instruction ID: eff6fb7472a2ac53034256dbc795aac0fa5407037c19ba28a5b448240d553717
                                                                                                                • Opcode Fuzzy Hash: 835b5f94544703ebeaf70fecebfdbc5b46b1ca466277eb395c71d9b66ea952fa
                                                                                                                • Instruction Fuzzy Hash: 28E022B380834CB7C711AEF9A801CCBBBDCAF42354F200866F99493242AB74CD0582E8
                                                                                                                Function 64101EFE Relevance: 6.0, APIs: 4, Instructions: 38COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(64112FA0,64112F8C,?,?,640EEFB9,00000000,?,?,?,?,?,640EE923,?,-00000010), ref: 64101F0B
                                                                                                                • LeaveCriticalSection.KERNEL32(64112FA0,?,640EEFB9,00000000,?,?,?,?,?,640EE923,?,-00000010), ref: 64101F27
                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,640EEFB9,00000000,?,?,?,?,?,640EE923,?,-00000010), ref: 64101F46
                                                                                                                • LeaveCriticalSection.KERNEL32(64112FA0,?,640EEFB9,00000000,?,?,?,?,?,640EE923,?,-00000010), ref: 64101F4D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Leave$EnterExceptionRaise
                                                                                                                • String ID:
                                                                                                                • API String ID: 799838862-0
                                                                                                                • Opcode ID: df1cd7fc86b2b52aca3b56c4478d9d5decab94239570be3be72efcbef6fc5555
                                                                                                                • Instruction ID: 22379d9fafeb1a73caba504541dc042b7568beb3d948f29774bf2e04277c42e5
                                                                                                                • Opcode Fuzzy Hash: df1cd7fc86b2b52aca3b56c4478d9d5decab94239570be3be72efcbef6fc5555
                                                                                                                • Instruction Fuzzy Hash: 0FF0BB36348620ABE7205E55DCC4B5A7F74EB86B25F018469FE05DB540CFB5B80AC750
                                                                                                                Function 6E349F75 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 6E349F81
                                                                                                                  • Part of subcall function 6E349F36: ??0exception@@QAE@ABV0@@Z.MSVCRT(6E3444B1), ref: 6E349F41
                                                                                                                • _CxxThrowException.MSVCRT(?,6E34E290), ref: 6E349F8F
                                                                                                                • ??1exception@@UAE@XZ.MSVCRT ref: 6E349FA8
                                                                                                                • free.MSVCRT ref: 6E349FB4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ??0exception@@??1exception@@ExceptionThrowV0@@freestd::bad_exception::bad_exception
                                                                                                                • String ID:
                                                                                                                • API String ID: 2985545613-0
                                                                                                                • Opcode ID: ed29901922dfe90ff6ce953f0488f41999ebb5ef4580e57656ddc4686f4f855a
                                                                                                                • Instruction ID: 1372419b67c96e1f1b6c5ecebfe464ce237ba5aafed2970a4112b343f89a233c
                                                                                                                • Opcode Fuzzy Hash: ed29901922dfe90ff6ce953f0488f41999ebb5ef4580e57656ddc4686f4f855a
                                                                                                                • Instruction Fuzzy Hash: DEE0DF7380421CB3C310BEE9A805DCBFBDC9F81224F20483AFAA493240AB74D90582E8
                                                                                                                Function 640F7DD2 Relevance: 6.0, APIs: 4, Instructions: 29threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 640F7DDD
                                                                                                                • EnterCriticalSection.KERNEL32(64112FC8,?,640F0100,?,?,00000000), ref: 640F7DEC
                                                                                                                • LeaveCriticalSection.KERNEL32(64112FC8,?,640F0100,?,?,00000000), ref: 640F7E01
                                                                                                                • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,640F6408,00000000,?,?,640F44A7,?,?,00000000,50010000,00000000,?,?), ref: 640F7E14
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$CurrentEnterExceptionLeaveRaiseThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2662421713-0
                                                                                                                • Opcode ID: a3bf2cb6e86ba11f5b5972e564d13ec18f5d86a4bf5e670e703e46c3b13605c2
                                                                                                                • Instruction ID: b77006ca14b6c41ee77909c69cbbf6350c88b4c34ac64df4913309f38e89474c
                                                                                                                • Opcode Fuzzy Hash: a3bf2cb6e86ba11f5b5972e564d13ec18f5d86a4bf5e670e703e46c3b13605c2
                                                                                                                • Instruction Fuzzy Hash: 52E06D70508632ABDB116F259D08B4ABEE8EB56B12F01452EFD11E7284DBB09400CB50
                                                                                                                Function 640DCCD2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 179COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • schema validation failure: child element not found - , xrefs: 640DCE0B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8H_prolog3Throw
                                                                                                                • String ID: schema validation failure: child element not found -
                                                                                                                • API String ID: 3670251406-3859288074
                                                                                                                • Opcode ID: 22bb715c075cf1a01816ef5c2886be044315eff9f2b0381287b653a682a50299
                                                                                                                • Instruction ID: ed5c2855b17efce677b1e1181783dc467b14871c65b34d2a505095638f438d79
                                                                                                                • Opcode Fuzzy Hash: 22bb715c075cf1a01816ef5c2886be044315eff9f2b0381287b653a682a50299
                                                                                                                • Instruction Fuzzy Hash: 32715F7190426DDFDB01CFA4C884BEEBBB9BF49718F244549F811AB290C771AE05DBA1
                                                                                                                Function 640E200C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 106COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E2013
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640DD76F: __EH_prolog3.LIBCMT ref: 640DD776
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Name$Size
                                                                                                                • API String ID: 431132790-481755742
                                                                                                                • Opcode ID: 14ee137c145d6de7c435b72f84c3530af9b2c74965f02b80419c38800d9e1c96
                                                                                                                • Instruction ID: 4491f177662c5b4c16d42819fe958feac38ca4abe0c2766ebfe6149b7d496036
                                                                                                                • Opcode Fuzzy Hash: 14ee137c145d6de7c435b72f84c3530af9b2c74965f02b80419c38800d9e1c96
                                                                                                                • Instruction Fuzzy Hash: 8E41717190026DDFEF01CBE8C944BEEBBB8AF1531CF148198E564A7291D774DA09CB61
                                                                                                                Function 6E34B21B Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcschr
                                                                                                                • String ID: \\?\
                                                                                                                • API String ID: 1497570035-4282027825
                                                                                                                • Opcode ID: 237bce8727bfc2d1b870c82156a0ffe6c3616cab6fb5e4944e76ee9e98dea6ff
                                                                                                                • Instruction ID: 1dc893ff489eddf98485cf0a84a5d2810fc06bbf1e50c5ec2734bf6118e26fb8
                                                                                                                • Opcode Fuzzy Hash: 237bce8727bfc2d1b870c82156a0ffe6c3616cab6fb5e4944e76ee9e98dea6ff
                                                                                                                • Instruction Fuzzy Hash: 0431F133604A12EEA7519EDE885099F33F8EF013A4B014925DED69F14CEB62EE4183E0
                                                                                                                Function 6E3330E7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ctype$malloc
                                                                                                                • String ID: W
                                                                                                                • API String ID: 624949309-655174618
                                                                                                                • Opcode ID: 7f0c1b1a179a3b09a6a19488affd130c8792208395edcda6b02c07f58ac75aa6
                                                                                                                • Instruction ID: 6d8b755b61eb0756edae49fde66f0ea0f8ae8548aa109b219cbf30475ee90b5f
                                                                                                                • Opcode Fuzzy Hash: 7f0c1b1a179a3b09a6a19488affd130c8792208395edcda6b02c07f58ac75aa6
                                                                                                                • Instruction Fuzzy Hash: 7031A274A00266EFD708DF9AD858E69B7AAFF88351F30C52DD86A8B351CB75D900CB50
                                                                                                                Function 6E3498D7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageTrace
                                                                                                                • String ID: <NULL>$NULL
                                                                                                                • API String ID: 471583391-888386124
                                                                                                                • Opcode ID: 4a42aa263ababc2d1ba1bbe6ecbbd76c0b90fd51052af5b28ba7070bda657507
                                                                                                                • Instruction ID: 96be74efe745f4c4ed410420fd70b81e619f43abded463a28f186411277607a8
                                                                                                                • Opcode Fuzzy Hash: 4a42aa263ababc2d1ba1bbe6ecbbd76c0b90fd51052af5b28ba7070bda657507
                                                                                                                • Instruction Fuzzy Hash: 8D21F23660420BEFEB114F89CD44BA737F9EB8A760F048014F9559B294E771DA91CBD0
                                                                                                                Function 6E34877C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 80windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageTrace
                                                                                                                • String ID: <NULL>$NULL
                                                                                                                • API String ID: 471583391-888386124
                                                                                                                • Opcode ID: b66b67497a9f06ff2ae25935a537275d2af59ee1f38c69e760b0bd27594b0a06
                                                                                                                • Instruction ID: 45c4f1f8cb155820ef54dfcd18b15764f5001a54d856135a11892641a78b943c
                                                                                                                • Opcode Fuzzy Hash: b66b67497a9f06ff2ae25935a537275d2af59ee1f38c69e760b0bd27594b0a06
                                                                                                                • Instruction Fuzzy Hash: BE21CF35A0420AEEDB014F8ECC62A633BF9EB81714F048015F9108B284EB76DA918BD0
                                                                                                                Function 640E443D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E4444
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E27EE: __EH_prolog3.LIBCMT ref: 640E27F5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: SQMPermissionCheckbox$SysLink
                                                                                                                • API String ID: 431132790-2543308372
                                                                                                                • Opcode ID: 837facacc7ccf83aa113aa669d8622d088bf70b7ea9c3fbfb821f29ee0f3ebae
                                                                                                                • Instruction ID: b19339334ffb6874ff0cd3aa43a2a92a4252d7228e87a94de4d8348a156682d5
                                                                                                                • Opcode Fuzzy Hash: 837facacc7ccf83aa113aa669d8622d088bf70b7ea9c3fbfb821f29ee0f3ebae
                                                                                                                • Instruction Fuzzy Hash: 4D310C71900169EFEB01DBE8C984BDEBBB8AF1921CF148155E558F7281DB34EA09CB71
                                                                                                                Function 6E349AFF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,?,V.4n,00000000,00000000,?,00000000,?,6E342E56,?,?,00000100,?), ref: 6E349B37
                                                                                                                • GetLastError.KERNEL32(?,6E342E56,?,?,00000100,?,?,00000000), ref: 6E349B49
                                                                                                                  • Part of subcall function 6E3499F8: EtwTraceMessage.NTDLL ref: 6E349A13
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharErrorLastMessageMultiTraceWide
                                                                                                                • String ID: V.4n
                                                                                                                • API String ID: 1881890961-3973143328
                                                                                                                • Opcode ID: 796a227b2d2d50de32d14bbac3b119de283407203f34bcc42e533b007fa73d58
                                                                                                                • Instruction ID: 355ea13cd4e5f81d38a69428987a93a0dc4ab665a8a6aad48a9fb6b2f6c77f00
                                                                                                                • Opcode Fuzzy Hash: 796a227b2d2d50de32d14bbac3b119de283407203f34bcc42e533b007fa73d58
                                                                                                                • Instruction Fuzzy Hash: E1119031140247EFDB919EE58D94EA67BDDEF06398F100498F495CB262D223C854DB60
                                                                                                                Function 640E3654 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E365B
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640DD76F: __EH_prolog3.LIBCMT ref: 640DD776
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Hide$Text
                                                                                                                • API String ID: 431132790-3852183071
                                                                                                                • Opcode ID: 6da25e95c1bb1959597d75cb982eb654a6107e6b35e0b38daf09d8c79f9c99a6
                                                                                                                • Instruction ID: 8ef5da482c264876c5cd2efb63ce01548f22739a4e3f70c564dec70f2e57bfb7
                                                                                                                • Opcode Fuzzy Hash: 6da25e95c1bb1959597d75cb982eb654a6107e6b35e0b38daf09d8c79f9c99a6
                                                                                                                • Instruction Fuzzy Hash: 28210171900269DFEF01DBB8C944BDEBBB8AF19318F188055E454EB391DB35EA09CB61
                                                                                                                Function 640E60C9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E60D0
                                                                                                                  • Part of subcall function 640E396A: __EH_prolog3.LIBCMT ref: 640E3971
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                  • Part of subcall function 640E5ECE: __EH_prolog3.LIBCMT ref: 640E5ED5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Uninstall$UninstallPatch
                                                                                                                • API String ID: 431132790-3176843842
                                                                                                                • Opcode ID: da3a4440e08ed8e532975d6b44dcbeeeeef547cf21547498589fdbd087b14990
                                                                                                                • Instruction ID: bb1fdbd1cf6875cbc3e98b639b50d6430bd028d2e485ee1fd662f8aa901ec96e
                                                                                                                • Opcode Fuzzy Hash: da3a4440e08ed8e532975d6b44dcbeeeeef547cf21547498589fdbd087b14990
                                                                                                                • Instruction Fuzzy Hash: 7B213D76900258EFEF01DBE8C944BEEB7B8AF19318F148455E914E7281CB35EA15CB71
                                                                                                                Function 640F383E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • _wcsnlen.LIBCMT ref: 640F3871
                                                                                                                • _memcpy_s.LIBCMT ref: 640F38A7
                                                                                                                  • Part of subcall function 640F83CE: __CxxThrowException@8.LIBCMT ref: 640F83E2
                                                                                                                Strings
                                                                                                                • GetProcessImageFileNameW, xrefs: 640F3845
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8Throw_memcpy_s_wcsnlen
                                                                                                                • String ID: GetProcessImageFileNameW
                                                                                                                • API String ID: 31407445-2183627785
                                                                                                                • Opcode ID: 58b44cfe9f597e04b2a58242de80d976cc417e8682e4cb7d5e789503a36fe5f7
                                                                                                                • Instruction ID: 847cd56bd711cf74eae84d4591c94b66f236efd2c3100f3db56be56490b04890
                                                                                                                • Opcode Fuzzy Hash: 58b44cfe9f597e04b2a58242de80d976cc417e8682e4cb7d5e789503a36fe5f7
                                                                                                                • Instruction Fuzzy Hash: F301A133A00218BFDB448F69CC48A9E37E9DA84378711813DFC149B650EB34AA028B91
                                                                                                                Function 640DF0C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640DF0CF
                                                                                                                  • Part of subcall function 640EF21D: _wcsnlen.LIBCMT ref: 640EF1B2
                                                                                                                • DeleteFileW.KERNEL32(00000000,00000010,HFI,00000000,00000000,640D79E4,00000004,640F57E2,?,?,?,?,?,?,00000024,640DF18B), ref: 640DF14B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFileH_prolog3_wcsnlen
                                                                                                                • String ID: HFI
                                                                                                                • API String ID: 1332513528-686494941
                                                                                                                • Opcode ID: 978dafa640dd3c41e4008956815e58ec807419dd3fa7a40b3f25b2176d05fb05
                                                                                                                • Instruction ID: fcbefeab34ec155f56a839f2026f0f8eee922f3d1856da4443d0c1584bfd2fe8
                                                                                                                • Opcode Fuzzy Hash: 978dafa640dd3c41e4008956815e58ec807419dd3fa7a40b3f25b2176d05fb05
                                                                                                                • Instruction Fuzzy Hash: E011E5363002649FEB40EF79CC4479DB7E9AF5571CF008265E960AB294DB709D0A8791
                                                                                                                Function 640E372E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Enable$false
                                                                                                                • API String ID: 431132790-2988405606
                                                                                                                • Opcode ID: 05675fbea172bbc70c90f2af0d2c5151dcf01b85a7d5e3ed800aab8417257ab8
                                                                                                                • Instruction ID: 80adffa2a310193895fc94a7f3048617f9f0c05e5436eec930aa7671ba07ca99
                                                                                                                • Opcode Fuzzy Hash: 05675fbea172bbc70c90f2af0d2c5151dcf01b85a7d5e3ed800aab8417257ab8
                                                                                                                • Instruction Fuzzy Hash: 06118275900269DFEB10CBE8C884BEDB7F86F1971CF540054D560E7290D774DA49CB61
                                                                                                                Function 6E348844 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageTrace
                                                                                                                • String ID: <NULL>$NULL
                                                                                                                • API String ID: 471583391-888386124
                                                                                                                • Opcode ID: b2f6ce62483fb40ad6c89530d2bc75f76f5bbfd710f8880ce7829a4226b5e7de
                                                                                                                • Instruction ID: bb4cdfdba40c4e291a6d5a6b76026263340c33a1b1bb5ec14254471aa8fb4b5c
                                                                                                                • Opcode Fuzzy Hash: b2f6ce62483fb40ad6c89530d2bc75f76f5bbfd710f8880ce7829a4226b5e7de
                                                                                                                • Instruction Fuzzy Hash: 5A017C75A4020AEEEB05AE88CC55FB737B9EB85700F048514FA119A194E7B1D990C7D1
                                                                                                                Function 6E33198C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SqmCleanup.SQMAPI(?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E331E1C
                                                                                                                  • Part of subcall function 6E33247C: LoadLibraryW.KERNEL32(advapi32,?,6E3319A1,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E332484
                                                                                                                  • Part of subcall function 6E33247C: GetProcAddress.KERNEL32(00000000,TraceMessage), ref: 6E3324A1
                                                                                                                  • Part of subcall function 6E33247C: GetProcAddress.KERNEL32(00000000,TraceMessageVa), ref: 6E3324C0
                                                                                                                  • Part of subcall function 6E33247C: FreeLibrary.KERNEL32(00000000,?,6E3319A1,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E3324D0
                                                                                                                  • Part of subcall function 6E332671: InitializeCriticalSectionAndSpinCount.KERNEL32(6E350168,00000FA0,?,?,6E3319CB,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E33268E
                                                                                                                  • Part of subcall function 6E332671: SetLastError.KERNEL32(00000000,?,?,6E3319CB,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E3326D1
                                                                                                                • DisableThreadLibraryCalls.KERNEL32(?,Microsoft\Windows\SoftwareQualityMetricsClient,6E350180,00000000,?,6E331C30,?,?,?,6E331C70,0000002C), ref: 6E3319CE
                                                                                                                Strings
                                                                                                                • Microsoft\Windows\SoftwareQualityMetricsClient, xrefs: 6E3319AC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressProc$CallsCleanupCountCriticalDisableErrorFreeInitializeLastLoadSectionSpinThread
                                                                                                                • String ID: Microsoft\Windows\SoftwareQualityMetricsClient
                                                                                                                • API String ID: 1374315629-2483579846
                                                                                                                • Opcode ID: 4f91ad0573a6816383807c08aed516bdc855b87b13936bcf6aed3dbe562b61bd
                                                                                                                • Instruction ID: 05eb2209f8723e7bc54836cebc9e261b602ef721c8c3740c2746560395c7c66d
                                                                                                                • Opcode Fuzzy Hash: 4f91ad0573a6816383807c08aed516bdc855b87b13936bcf6aed3dbe562b61bd
                                                                                                                • Instruction Fuzzy Hash: FA01A1344157F4ABCB915BD1C840F893B6E6F02719F304891E5945F262C732C958CFA2
                                                                                                                Function 640F5002 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _vswprintf_s_vwprintf
                                                                                                                • String ID: `:d
                                                                                                                • API String ID: 2206667278-3438252885
                                                                                                                • Opcode ID: fcc1bb99c2cc181fa84674e884af4066ec8b3e59836dbbb6213f0ebaee3c636c
                                                                                                                • Instruction ID: 2900a92849143557dd1b7e2726326c306cd658f1846ba7427aa97dc1f0965b5e
                                                                                                                • Opcode Fuzzy Hash: fcc1bb99c2cc181fa84674e884af4066ec8b3e59836dbbb6213f0ebaee3c636c
                                                                                                                • Instruction Fuzzy Hash: 88014476504119BFAB54DBD9DC84E9E77ACDB4435CB10807AFA04A7101EB71EA028A94
                                                                                                                Function 6E3477B8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageTrace
                                                                                                                • String ID: <NULL>$NULL
                                                                                                                • API String ID: 471583391-888386124
                                                                                                                • Opcode ID: ac8fce85450adca9b19bf7fdcd0532e9598c1cd82e8397369a4d652ab687de6e
                                                                                                                • Instruction ID: d795d7879747b2e54657bdadf26822938b9eeb22d7485ab78a0ce961be63a42c
                                                                                                                • Opcode Fuzzy Hash: ac8fce85450adca9b19bf7fdcd0532e9598c1cd82e8397369a4d652ab687de6e
                                                                                                                • Instruction Fuzzy Hash: 6701D67565020AEFEB015E88CC52FB73FBAEB85700F548011FA104B1D4D7B2DA91C791
                                                                                                                Function 6E3488BE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageTrace
                                                                                                                • String ID: <NULL>$NULL
                                                                                                                • API String ID: 471583391-888386124
                                                                                                                • Opcode ID: 338ca82f6cca8549c5aca1759583653763a1695bc00812cfc723b2aa7ba25b01
                                                                                                                • Instruction ID: 46f8acc7bbee8fa547545431354b936b4fa42b3b2dfefb788d4ab7da3a64da24
                                                                                                                • Opcode Fuzzy Hash: 338ca82f6cca8549c5aca1759583653763a1695bc00812cfc723b2aa7ba25b01
                                                                                                                • Instruction Fuzzy Hash: 6301813664020AEEEB055E89CC11FB73BFAEF86714F54C011FA109B294D772D99197D2
                                                                                                                Function 640EF491 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640EF498
                                                                                                                • GetLastError.KERNEL32(?,?,?,640F158F,?,000006F5,?,?,?,00000000,?,00000001,?,?,?,640E86E6), ref: 640EF4C9
                                                                                                                Strings
                                                                                                                • Failed to record Customize, xrefs: 640EF4FF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorH_prolog3Last
                                                                                                                • String ID: Failed to record Customize
                                                                                                                • API String ID: 685212868-512773136
                                                                                                                • Opcode ID: 119367045c80e464c57b59dd7e19e09af2062d45e47fc2e73b9157c3d328a2b5
                                                                                                                • Instruction ID: 81b0c5d6678173312e80cff0ec2c9407117c480764fc82bab426a072d2f43cd9
                                                                                                                • Opcode Fuzzy Hash: 119367045c80e464c57b59dd7e19e09af2062d45e47fc2e73b9157c3d328a2b5
                                                                                                                • Instruction Fuzzy Hash: 1211A572500229EFDB10DF64C944BDD7BB4BF45738F108225E924AB1D0D7309A158B90
                                                                                                                Function 6E34774A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageTrace
                                                                                                                • String ID: <NULL>$NULL
                                                                                                                • API String ID: 471583391-888386124
                                                                                                                • Opcode ID: 5e7a795634682b9852a418f935be12abfeee7a4fe70935fb0d5dbd3cc58f38bf
                                                                                                                • Instruction ID: b3daf230eaf2bee7a6023289540f9214ebd0a02634297b9aa53d1bfacc436ddd
                                                                                                                • Opcode Fuzzy Hash: 5e7a795634682b9852a418f935be12abfeee7a4fe70935fb0d5dbd3cc58f38bf
                                                                                                                • Instruction Fuzzy Hash: FB01813564020AEEEB115E88CC55FB73BAAEB85710F548051F9109A1E4D673DA9087D1
                                                                                                                Function 640E0E35 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640F0324: SendMessageW.USER32(?,00000437,00000000,?), ref: 640F0344
                                                                                                                • _memset.LIBCMT ref: 640E0E62
                                                                                                                • SendMessageW.USER32(?,00000444,00000001,00000074), ref: 640E0E92
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$_memset
                                                                                                                • String ID: t
                                                                                                                • API String ID: 1515505866-2238339752
                                                                                                                • Opcode ID: f2e5d8b5defe3cd312c6ff471a9276a06202b2991ef8a14fee253dd131c4732b
                                                                                                                • Instruction ID: 9105d399e324b9dd97f4a760191680a8a1a7f36f4bec0a35b429d8958ce58618
                                                                                                                • Opcode Fuzzy Hash: f2e5d8b5defe3cd312c6ff471a9276a06202b2991ef8a14fee253dd131c4732b
                                                                                                                • Instruction Fuzzy Hash: DE01287190421CABEF10DFA4CC42BCE7BF4AF0A608F600129F915A7281DB75AA198B95
                                                                                                                Function 6E33BAE2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,80000040,00000000,00000000,6E33BA57,00000000,?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E33BAFB
                                                                                                                • GetLastError.KERNEL32(?,?,00000000,?,6E338733,?,0000000C,6E33BCB8,6E330000), ref: 6E34229A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                                                • String ID: j
                                                                                                                • API String ID: 439134102-2137352139
                                                                                                                • Opcode ID: cdd0094a28d4bcc1662140c257b8746da682fb11286ee3a91ca697d69d941946
                                                                                                                • Instruction ID: 97f04e7be815ae8ec9301bc80586845926621868d720f6d3cbd60b17405faa48
                                                                                                                • Opcode Fuzzy Hash: cdd0094a28d4bcc1662140c257b8746da682fb11286ee3a91ca697d69d941946
                                                                                                                • Instruction Fuzzy Hash: DEF0C232A40A41EFC7B08EA78904F423BEAAB81315F210469E086EB564DB31CC05DF20
                                                                                                                Function 64102C8A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 6410259F: __getptd.LIBCMT ref: 641025A5
                                                                                                                  • Part of subcall function 6410259F: __getptd.LIBCMT ref: 641025B5
                                                                                                                • __getptd.LIBCMT ref: 64102C99
                                                                                                                  • Part of subcall function 640F9BE0: __getptd_noexit.LIBCMT ref: 640F9BE3
                                                                                                                  • Part of subcall function 640F9BE0: __amsg_exit.LIBCMT ref: 640F9BF0
                                                                                                                • __getptd.LIBCMT ref: 64102CA7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                • String ID: csm
                                                                                                                • API String ID: 803148776-1018135373
                                                                                                                • Opcode ID: 40a763ddbc5ae7bd5608cdcd701207f89940e9ad0a743e3e5e4b39aced2a5921
                                                                                                                • Instruction ID: 32fdfa9a76437b32f4a62c36effa95af19d9adb68115ac27f27a37912c16b44b
                                                                                                                • Opcode Fuzzy Hash: 40a763ddbc5ae7bd5608cdcd701207f89940e9ad0a743e3e5e4b39aced2a5921
                                                                                                                • Instruction Fuzzy Hash: 18016938804205CEEF649F20C6D0BDDB7B5EF20A15F2084AED85096A94CF30CE81EF81
                                                                                                                Function 640F1169 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F1170
                                                                                                                  • Part of subcall function 640EE8E8: __EH_prolog3.LIBCMT ref: 640EE8EF
                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 640F11B1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$DirectorySystem
                                                                                                                • String ID: C:\
                                                                                                                • API String ID: 105093994-3404278061
                                                                                                                • Opcode ID: a0b0c84b1aad13770fa8354333115f7ac97a6d8f0ef559e5758dabb40628be19
                                                                                                                • Instruction ID: 5e59c7975aba8376a39629895e941da3d0e2d70c3b511efbbcd48a93aebbd53c
                                                                                                                • Opcode Fuzzy Hash: a0b0c84b1aad13770fa8354333115f7ac97a6d8f0ef559e5758dabb40628be19
                                                                                                                • Instruction Fuzzy Hash: 77014FB29101399FEB04DBA4CC44BAEB775FF54728F044524E925AB290CB30AD06CB90
                                                                                                                Function 640E0D3D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                  • Part of subcall function 640F0324: SendMessageW.USER32(?,00000437,00000000,?), ref: 640F0344
                                                                                                                • _memset.LIBCMT ref: 640E0D6A
                                                                                                                • SendMessageW.USER32(?,00000444,00000001,?), ref: 640E0D93
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$_memset
                                                                                                                • String ID: t
                                                                                                                • API String ID: 1515505866-2238339752
                                                                                                                • Opcode ID: 8bae6a873436e9e31a0f919809709dde755f48358bc6ba76890110431a6c6050
                                                                                                                • Instruction ID: db5cba205a1ef07642f25c3c0cc63061f7bb53f3a978a9eb43b7c62acee4031b
                                                                                                                • Opcode Fuzzy Hash: 8bae6a873436e9e31a0f919809709dde755f48358bc6ba76890110431a6c6050
                                                                                                                • Instruction Fuzzy Hash: EDF03C71904218ABEF10DFA5CC41BCE7BB8EF09708F600029FA15AB281CB75AA14CF95
                                                                                                                Function 640EF532 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640EF539
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,6410677E,000000FF), ref: 640EF555
                                                                                                                Strings
                                                                                                                • Failed to record current state name, xrefs: 640EF573
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorH_prolog3Last
                                                                                                                • String ID: Failed to record current state name
                                                                                                                • API String ID: 685212868-828805506
                                                                                                                • Opcode ID: facd9a7077ef520bfcbfe97a433f78a36730d9b3ffe95d87843999bb0a96d99d
                                                                                                                • Instruction ID: 1a9392a2a6ce19af32c3364ca11d725f39c1c392233e77a07981bde6b46be1ef
                                                                                                                • Opcode Fuzzy Hash: facd9a7077ef520bfcbfe97a433f78a36730d9b3ffe95d87843999bb0a96d99d
                                                                                                                • Instruction Fuzzy Hash: 11F0F032A00120AFE700DF70CC80B9A3BA9AF25B68F018020FD04EB190DB35CA528795
                                                                                                                Function 640DF527 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetWindowPlacement.USER32(00000000,?,00000000), ref: 640DF550
                                                                                                                • SetWindowPlacement.USER32(00000000,0000002C), ref: 640DF561
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PlacementWindow
                                                                                                                • String ID: ,
                                                                                                                • API String ID: 2154376794-3772416878
                                                                                                                • Opcode ID: 6c300985bd7886307ee97cb11a03654ebfc6a7787fadc5d691ffe622b8fce163
                                                                                                                • Instruction ID: 3a208cc109f21b57009df595154b8f956765d35bce9dc317df4a4c43e1ec10c9
                                                                                                                • Opcode Fuzzy Hash: 6c300985bd7886307ee97cb11a03654ebfc6a7787fadc5d691ffe622b8fce163
                                                                                                                • Instruction Fuzzy Hash: 2AF05E32A10218ABDB00DFA5C844DEEB7B9FB45704F10052AE911A6140DB7059098B55
                                                                                                                Function 640E9A1E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • IDS_FILE_VERIFICATION_PROGRESS_BAR_HEADER, xrefs: 640E9A32
                                                                                                                • IDS_DOWNLOAD_PROGRESS_BAR_HEADER, xrefs: 640E9A39
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: IDS_DOWNLOAD_PROGRESS_BAR_HEADER$IDS_FILE_VERIFICATION_PROGRESS_BAR_HEADER
                                                                                                                • API String ID: 431132790-2780475424
                                                                                                                • Opcode ID: 92c97879399b26d95bcd8b4b4616cfb23d6574ed0c94ad0ba894615840b368b6
                                                                                                                • Instruction ID: 7e8782e7277c3ff173c0afce52aa465f94205f459678c91ae1118989cf67c121
                                                                                                                • Opcode Fuzzy Hash: 92c97879399b26d95bcd8b4b4616cfb23d6574ed0c94ad0ba894615840b368b6
                                                                                                                • Instruction Fuzzy Hash: EBF05EB6900229CFEB00DBB8C888BAD73B0EF1561CF588948E1109B294DB74D9059B90
                                                                                                                Function 640E1F81 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640E1F88
                                                                                                                  • Part of subcall function 640E1EB5: __EH_prolog3.LIBCMT ref: 640E1EBC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Height$Width
                                                                                                                • API String ID: 431132790-1965321196
                                                                                                                • Opcode ID: db93f3c761d5ce4a4bc67c3474df8734a042ea62828a15d00bebf94c0c81b1ed
                                                                                                                • Instruction ID: 5fd2c48cde3b963daa1054f90a92baa4a8d04b571a2667be1464f964e5c3889f
                                                                                                                • Opcode Fuzzy Hash: db93f3c761d5ce4a4bc67c3474df8734a042ea62828a15d00bebf94c0c81b1ed
                                                                                                                • Instruction Fuzzy Hash: C1F01CB0F007609BD6209F76805072EBAA25FA160CB10C52AD445AF344DF74D8598B81
                                                                                                                Function 640DC224 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • An internal or user error was encountered., xrefs: 640DC254, 640DC269
                                                                                                                • A StopBlock was hit or a System Requirement was not met., xrefs: 640DC25B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: A StopBlock was hit or a System Requirement was not met.$An internal or user error was encountered.
                                                                                                                • API String ID: 431132790-2578323181
                                                                                                                • Opcode ID: ec08ef74a16bd9baccb12cd166737a5e87e3b79909a22f584c97f35e6e9c49a3
                                                                                                                • Instruction ID: b2918c8d275defe65778a4fa6c77b0ad1829d54c84ddb2a3f190a9865440c128
                                                                                                                • Opcode Fuzzy Hash: ec08ef74a16bd9baccb12cd166737a5e87e3b79909a22f584c97f35e6e9c49a3
                                                                                                                • Instruction Fuzzy Hash: 94E0657220463497E7409BE9CC843AD72647F90B1DF008110E9149F280C774CD0A8385
                                                                                                                Function 640F1DCD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F1DD4
                                                                                                                • GetCommandLineW.KERNEL32(00000018,640EB178,00000000,?,?,640EAC46,?), ref: 640F1DD9
                                                                                                                  • Part of subcall function 640DBE03: __EH_prolog3.LIBCMT ref: 640DBE0A
                                                                                                                  • Part of subcall function 640DB9A7: __EH_prolog3.LIBCMT ref: 640DB9AE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CommandLine
                                                                                                                • String ID: passive
                                                                                                                • API String ID: 1384747822-1995439567
                                                                                                                • Opcode ID: ac8f6daed8ffe49856ebcee7b56481cae0bb4ee7530de24ecf081b6aadfa5299
                                                                                                                • Instruction ID: 6065290b5966068a5274157fa7cda4baf483b1551190cafef53543ca32200daf
                                                                                                                • Opcode Fuzzy Hash: ac8f6daed8ffe49856ebcee7b56481cae0bb4ee7530de24ecf081b6aadfa5299
                                                                                                                • Instruction Fuzzy Hash: 48E0CD78A0022457FF04E7B48954BDC32E05B6E60CF404018E1017B1C1DF289D0D9B61
                                                                                                                Function 640F1E15 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 640F1E1C
                                                                                                                • GetCommandLineW.KERNEL32(00000018,640EB187,00000000,?,?,640EAC46,?), ref: 640F1E21
                                                                                                                  • Part of subcall function 640DBE03: __EH_prolog3.LIBCMT ref: 640DBE0A
                                                                                                                  • Part of subcall function 640DB9A7: __EH_prolog3.LIBCMT ref: 640DB9AE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$CommandLine
                                                                                                                • String ID: showfinalerror
                                                                                                                • API String ID: 1384747822-3200933950
                                                                                                                • Opcode ID: 34504fba8562dd8e351310fddd4ae1ccdc48f8621252f7b276d3e453b0da0def
                                                                                                                • Instruction ID: 9d2fbfbef1cedeecd73e77af8e29b30d4289687fc0164aa337d5305e5f6ef2b6
                                                                                                                • Opcode Fuzzy Hash: 34504fba8562dd8e351310fddd4ae1ccdc48f8621252f7b276d3e453b0da0def
                                                                                                                • Instruction Fuzzy Hash: 23E0C278A002249BFF04E7B48955BDC32E09B6EA0CF808018E101BB2C1DF289E0D9B61
                                                                                                                Function 640EA051 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetPropW.USER32(?,RotatingIconDisplayTHIS), ref: 640EA05F
                                                                                                                  • Part of subcall function 640E9CD5: GetTickCount.KERNEL32 ref: 640E9CDC
                                                                                                                • SendMessageW.USER32(00000000,00000172,00000001,00000000), ref: 640EA07E
                                                                                                                Strings
                                                                                                                • RotatingIconDisplayTHIS, xrefs: 640EA057
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountMessagePropSendTick
                                                                                                                • String ID: RotatingIconDisplayTHIS
                                                                                                                • API String ID: 85587915-353257254
                                                                                                                • Opcode ID: a9bc3d2c0409f6a57f38f19dd6060c2562443bbd5331000b0f89444cc8cd6b5f
                                                                                                                • Instruction ID: 6b2d675be444ffe6d6b7f0aa74491a742488e99c76825be1e972415d315be3cd
                                                                                                                • Opcode Fuzzy Hash: a9bc3d2c0409f6a57f38f19dd6060c2562443bbd5331000b0f89444cc8cd6b5f
                                                                                                                • Instruction Fuzzy Hash: 4AE01231105674FBDB215F55CC09F967FA5EB467A5B044030F9999B561CB639C20DB80
                                                                                                                Function 640EA027 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 10timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KillTimer.USER32(00000125,00000002), ref: 640EA031
                                                                                                                • RemovePropW.USER32(00000125,RotatingIconDisplayTHIS), ref: 640EA03E
                                                                                                                Strings
                                                                                                                • RotatingIconDisplayTHIS, xrefs: 640EA037
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3317335483.00000000640D1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 640D0000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3317232755.00000000640D0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317636183.000000006410F000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317797673.0000000064110000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3317908456.0000000064112000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3318000159.0000000064115000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_640d0000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: KillPropRemoveTimer
                                                                                                                • String ID: RotatingIconDisplayTHIS
                                                                                                                • API String ID: 3686338637-353257254
                                                                                                                • Opcode ID: 0476679b3c50105c8f2c43eb86065359b9144816d1eb4a4a9c914e9593bd3bee
                                                                                                                • Instruction ID: 4aa261b67e7ebb1b09879b782b99f547ff08f2e491bfdc4cd008c5ed67512e25
                                                                                                                • Opcode Fuzzy Hash: 0476679b3c50105c8f2c43eb86065359b9144816d1eb4a4a9c914e9593bd3bee
                                                                                                                • Instruction Fuzzy Hash: A4D0C938004210DFEB201F10C80CB11BEB0FF09346FA08828A99555460C7764468CF00
                                                                                                                Function 6E33ABD9 Relevance: 5.2, APIs: 4, Instructions: 199COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • memset.MSVCRT ref: 6E33AC0D
                                                                                                                • EnterCriticalSection.KERNEL32(6E350168,00000000,?), ref: 6E33AC9C
                                                                                                                • LeaveCriticalSection.KERNEL32(6E350168), ref: 6E33ACFB
                                                                                                                • SetLastError.KERNEL32(00000000), ref: 6E33AD1E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.3319028132.000000006E331000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6E330000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.3318920919.000000006E330000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319189061.000000006E350000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                • Associated: 00000005.00000002.3319241367.000000006E351000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_6e330000_Setup.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterErrorLastLeavememset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3008345650-0
                                                                                                                • Opcode ID: 76493016f1ee240c609097a5fe6a215d9afca115143a8f0b881be51123036e3c
                                                                                                                • Instruction ID: b8b86c1920120ef7c2172c1868a54e410adf409bdd6fd343aca1f88db1656a05
                                                                                                                • Opcode Fuzzy Hash: 76493016f1ee240c609097a5fe6a215d9afca115143a8f0b881be51123036e3c
                                                                                                                • Instruction Fuzzy Hash: DD7104315403A9AFDF918FD1CCD8F9A37AAAF44308F200595E8649B2A2D776CD84CF51